OFFICIAL

MICROSOFT

LEARNING

PRODUCT

6427A
Lab Instructions and Answer Key: Configuring and Troubleshooting Internet Information Services in Windows Server® 2008

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. The names of manufacturers, products, or URLs are provided for informational purposes only and Microsoft makes no representations and warranties, either expressed, implied, or statutory, regarding these manufacturers or the use of the products with any Microsoft technologies. The inclusion of a manufacturer or product does not imply endorsement of Microsoft of the manufacturer or product. Links may be provided to third party sites. Such sites are not under the control of Microsoft and Microsoft is not responsible for the contents of any linked site or any link contained in a linked site, or any changes or updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission received from any linked site. Microsoft is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement of Microsoft of the site or the products contained therein. © 2008 Microsoft Corporation. All rights reserved. Microsoft, Access, Active Directory, Internet Explorer, Outlook, PowerPoint, SharePoint, SQL Server, Visual Basic, Visual C#, Visual Studio, Win32, Windows, Windows Media, Windows PowerShell, Windows Server, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All other trademarks are property of their respective owners.

Technical Reviewer: Philip Morgan

Product Number: 6427A Part Number: X14-69082 Released: 12/2007

Lab Instructions: Configuring an Internet Information Services 7.0 Web Server

1

Module 1
Lab Instructions: Configuring an Internet Information Services 7.0 Web Server
Contents:
Exercise 1: Installing IIS Using Role Manager Exercise 2: Installing IIS Using Unattended Setup Exercise 3: Installing IIS on Server Core from Command Line Exercise 4: Configuring IIS and Validating Functionality 2 4 6 8

2

Lab Instructions: Configuring an Internet Information Services 7.0 Web Server

Lab: Configuring an IIS 7.0 Web Server

Exercise 1: Installing IIS Using Role Manager
Scenario
You receive a service request from the Enterprise Design Team to prepare three Web servers to host Web sites and Web applications. One of the companies acquired by Woodgrove Bank has a classic ASP application that needs to be hosted in IIS7.

0 Web Server 3 Exercise Overview In this exercise. Turn on Network Discovery. Test functionality by loading http://localhost in the browser. you will learn how to install IIS 7. 2. Task 3: Install the Web server role • • Use Server Manager to add the Web Server (IIS) role and ASP as a required service.Lab Instructions: Configuring an Internet Information Services 7. Results: After this exercise. This exercise’s main tasks are: 1. Install the Web server role.0 using Role Manager. . Start the 6427A-NYC-SVR1 virtual machine and log on as LocalAdmin. Task 1: Start the 6427A-NYC-SVR1 virtual machine and log on as LocalAdmin • Start 6427A-NYC-SVR1. Task 2: Turn on Network Discovery • Open Network and Sharing Center and turn on Network Discovery and File Sharing for all public networks. you should have successfully verified that the Web Server (IIS) role is installed and loaded the IIS Welcome page in Internet Explorer. and log on as LocalAdmin with the password of Pa$$w0rd. 3.

NET application server and will need to have all security. Start the 6427A-NYC-SVR3 virtual machine and log on as LocalAdmin.NET application.XML file based on the example given on the student CD by modifying it to only install the features needed. This will be an ASP. compression and caching features installed so that development can experiment with configuration. Task 1: Start the 6427A-NYC-SVR3 virtual machine and log on as LocalAdmin • Start 6427A-NYC-SVR3. Create the Unattend. You will install IIS by creating an Unattend.0 Web Server Exercise 2: Installing IIS Using Unattended Setup Scenario Now you will set up the second IIS Web server to host the new ASP. 2. 3. you will learn how to install IIS using unattended setup. and log on as LocalAdmin with the password of Pa$$w0rd.4 Lab Instructions: Configuring an Internet Information Services 7. Exercise Overview In this exercise. Install IIS using Pkgmgr with the Unattend.XML file by copying the default XML file provided and removing unnecessary features. 4.XML file and verify once completed. This exercise’s main tasks are: 1. . Task 2: Turn on Network Discovery • Open Network and Sharing Center and turn on Network Discovery and File Sharing for all public networks. Turn on Network Discovery.

and open http://localhost in the browser. 3. Task 4: Install IIS using Pkgmgr with the Unattend. Open E:\mod01\labfiles\unattend. Start /w pkgmgr /n:unattend. 2. Verify installation by using the command echo %errorlevel%.XML file by copying the default XML file provided and removing unnecessary features 1. you should have successfully installed IIS using an unattend file and verified the IIS Welcome page. Save the modified file to c:\unattend.0 Web Server 5 Task 3: Create the Unattend.xml.XML file and verify once completed 1.xml to install IIS. . Results: After this exercise.xml in Notepad and delete the following lines: <selection <selection <selection <selection <selection <selection <selection <selection <selection <selection name="IIS-HttpRedirect" state="true"/> name="IIS-ASP" state="true"/> name="IIS-CGI" state="true"/> name="IIS-ISAPIExtensions" state="true"/> name="IIS-ISAPIFilter" state="true"/> name="IIS-IIS6ManagementCompatibility" state="true"/> name="IIS-Metabase" state="true"/> name="IIS-WMICompatibility" state="true"/> name="IIS-LegacyScripts" state="true"/> name="IIS-LegacySnapIn" state="true"/> 2.Lab Instructions: Configuring an Internet Information Services 7. Use Server Manager to verify that the Web server role is installed.

3. Task 1: Start the 6427A-NYC-SVR2 virtual machine and log on as Administrator • Start 6427A-NYC-SVR2. you will learn how to install IIS via the command line in a Server Core environment. Task 2: Disable the firewall • On NYC-SVR2. Install IIS from the command line. Disable the firewall. in the command prompt window. 2. . This exercise’s main tasks are: 1. type netsh firewall set opmode disable and press Enter. Exercise Overview In this exercise. Start the 6427A-NYC-SVR2 virtual machine and log on as Administrator.0 Web Server Exercise 3: Installing IIS on Server Core from Command Line Scenario The final server you will install is a Server Core Web server that will act primarily as a redirection server to the ASP server.6 Lab Instructions: Configuring an Internet Information Services 7. and log on as Administrator with the password of Pa$$w0rd.

WASProcessModel • 2. in Internet Explorer.IIS-StaticContent. When the process completes. browse to http://nyc-svr2 to verify functionality. Note that the feature names are casesensitive: Start /w pkgmgr /iu:IIS-WebServerRole. On NYC-SVR1. Results: After this exercise. Type the following and then press Enter.0 Web Server 7 Task 3: Install IIS from the command line 1.IIS-DefaultDocument.IISCommonHttpFeatures. you should have successfully installed IIS on Microsoft® Server 2008 Server Core from the command line and verified by loading the IIS Welcome page from another machine running Internet Explorer. type echo %errorlevel%.IIS-HttpRedirect. .Lab Instructions: Configuring an Internet Information Services 7.WAS-WindowsActivationService.IIS-WebServer. and then press Enter.IISHttpErrors.

8 Lab Instructions: Configuring an Internet Information Services 7. This exercise’s main tasks are: 1. Enable Send Errors to Browser. • • • 2. such as http://nyc-svr1/default. Configure NYC-SVR2 to have no default documents. enable directory browsing. under ASP Compilation settings. Under Compression. browse to a page on NYC-SVR1 that does not exist. in Internet Information Services (IIS) Manager. Exercise Overview In this exercise. Under Error Pages. Under HTTP Response Headers. detailed error messages. configure UDDI. and redirect requests to NYC-SVR1. . and enable dynamic output compression. On NYC-SVR3. 2. 3. enable Static Content Compression. in Internet Explorer.asp to check error functionality. set Expire Web Content. detailed error messages.0 Web Server Exercise 4: Configuring IIS and Validating Functionality Scenario With the three Web servers installed. enable windows authentication and impersonation. Task 1: Configure NYC-SVR1 for ASP debugging. Configure NYC-SVR3 to trace server errors. enable Detailed error messages. HTTP compression and SMTP Service. On NYC-SVR1. and HTTP compression 1. Configure NYC-SVR1 for ASP debugging. you will configure common IIS features and validate functionality. configure each as necessary to perform its function. enable Client-side and Server-side debugging.

add a cache rule for the aspx extension to enable User-mode caching. 4. 3. enable directory browsing. under Failed Request Tracing. • 2. server name SMTP. • Browse to http://localhost/aspnet_client and investigate the failed request log.0 Web Server 9 Task 2: Configure NYC-SVR3 to trace server errors. in Internet Information Services (IIS) Manager. Enable Directory Browsing.com. Add a rule to trace status code 500 for critical errors. and enable dynamic output compression and SMTP 1. enable windows authentication and impersonation. Test the configuration by browsing to http://localhost/uddi.NET. enable Failed Request Tracing.WoodgroveBank. • Under ASP. In IIS Manager. configure UDDI. configure SMTP email for email address NYCSVR3@WoodGroveBank. .com. In Server Manager. and ASP. under Output Caching. add the UDDI Services role and configure it to not require SSL.Lab Instructions: Configuring an Internet Information Services 7. 5. Windows Authentication.NET Impersonation. On NYC-SVR3.

24/" /> 2. in Internet Explorer. type cd \windows\system32\inetsrv\config and then press Enter. and redirect requests to NYC-SVR1 1. browse to http://nyc-svr2 to test the redirection.0. you should have successfully configured and verified the configuration of the three web servers. Scroll down to <httpRedirect enabled="false" /> (approximately line 246).10. Results: After this exercise. in the command prompt window. On NYC-SVR2. and modify this line to read: <httpRedirect enabled="true" exactDestination="false" childOnly="false" destination="http://10. On NYC-SVR3.0 Web Server Task 3: Configure NYC-SVR2 to have no default documents. Scroll down to <defaultDocument enabled="true"> (approximately line 169). • • • Type edit applicationHost. . and change "true" to "false".10 Lab Instructions: Configuring an Internet Information Services 7.config and then press Enter.

0 Web Sites and Application Pools 1 Module 2 Lab Instructions: Configuring IIS 7.0 Web Sites and Application Pools Contents: Exercise 1: Configuring Authentication Types Exercise 2: Creating a Web Site and Web Application Exercise 3: Creating an Application Pool Exercise 4: Configuring an Existing Application Pool 2 5 7 8 .Lab Instructions: Configuring IIS 7.

0 Web Sites and Application Pools Lab: Configuring IIS 7. Only authenticated users should be able to access restricted. There will be two access levels: public and restricted.2 Lab Instructions: Configuring IIS 7. Anyone on the network should be able to access the public content.0 Web Sites and Application Pools Exercise 1: Configuring Authentication Types Scenario You receive a service request from the Enterprise Design Team to organize the existing NYC-WEB-A server into virtual directories by access level. .

and log on as LocalAdmin with the password of Pa$$w0rd. Add Basic. 3. Start the 6427A-NYC-DC1 virtual machine. Windows Integrated and Digest Security features to the IIS Role • Use Server Manager to add the Basic Authentication. Configure the public virtual directory for anonymous authentication. Task 1: Start the 6427A-NYC-DC1 virtual • Start 6427A-NYC-DC1. Start the 6427A-NYC-WEB-A virtual machine and log on as Woodgrovebank\Administrator. Task 3: Add Basic. and Digest Authentication role services to the Web server role.0 Web Sites and Application Pools 3 Exercise Overview In this exercise. 4. Windows Integrated and Digest Security features to the IIS Role. . This exercise’s main tasks are: 1. 5. Windows Authentication. you will learn how to create virtual directories and configure anonymous authentication. Create a virtual directory named Public. 2.Lab Instructions: Configuring IIS 7. Task 2: Start the 6427A-NYC-WEB-A virtual machine and log on as Woodgrovebank\Administrator • Start 6427A-NYC-WEB-A.

5. you should have successfully verified that the Public directory is created. and loaded the IIS Welcome page in Internet Explorer with the Guest account.4 Lab Instructions: Configuring IIS 7. Open http://localhost/public in the browser to verify that the local guest can browse to the public directory. Use Switch user to login as local administrator with password of Pa$$w0rd before continuing with next exercise. Use Internet Information Services Manager to make sure that Anonymous Authentication is enabled for Public. 3. In Server Manager. and allow Guest to log on locally.0 Web Sites and Application Pools Task 4: Create a virtual directory named public • • Use Internet Information Services Manager to create a virtual directory named public pointing to the physical directory c:\inetpub\public. Use Switch User to logon as NYC-WEB-A\Guest with no password. 2. 4. Task 5: Configure the public virtual directory for anonymous authentication 1. Copy the contents of c:\inetpub\wwwroot to c:\inetpub\public. . enable the local Guest account. Results: After this exercise.

you will learn how to create web sites and applications. Task 2: Copy the Woodgrove Application to the Appropriate Directory • Copy the Woodgrove application from e:\Mod02\Labfiles\Woodgrove to c:\inetpub\woodgrove. 4.0 Web Sites and Application Pools 5 Exercise 2: Creating a Web Site and Web Application Scenario Next you will create two web sites. Copy the Woodgrove application to the appropriate directory. This exercise’s main tasks are: 1. . Task 1: Create a site named Woodgrove • On NYC-WEB-A. Exercise Overview In this exercise. Add the . 3. and its http port to 88. named Woodgrove and Exec respectively.NET 3.Lab Instructions: Configuring IIS 7. You will also delegate administrative access to ITAdmins_WoodgroveGG. 2. Exec will be a .NET 3.0 application.0 Feature to the server. in the employee and restricted virtual directories. Create a site named Woodgrove. in IIS Manager. Delegate administrative access of Woodgrove to ITAdmins_WoodgroveGG. and two web applications. add a Web site named Woodgrove and set its physical path to c:\inetpub\woodgrove.

NET 3. give Full Control to the security group ITAdmins_WoodgroveGG.0 Feature and ASP. you should have successfully installed . add .NET. Results: After this exercise. under Permissions.NET.NET 3. and created the Woodgrove site and copied its content.NET 3.0 Web Sites and Application Pools Task 3: Add the . ASP. Task 4: Delegate administrative access of Woodgrove to ITAdmins_WoodgroveGG • In IIS Manager.0 Framework and ASP. .0 Framework.NET to the server • In Server Manager.6 Lab Instructions: Configuring IIS 7.

0 Web Sites and Application Pools 7 Exercise 3: Creating an Application Pool Scenario You will now create a new application pool for temporary applications. Exercise Overview In this exercise. in IIS Manager. add an application pool named TempPool.. Create an application pool named TempPool. Task 1: Create an application pool named TempPool • On NYC-WEB-A. Results: After this exercise. This exercise’s main task is: 1. .Lab Instructions: Configuring IIS 7. you will learn how to create an application pool. you should have successfully added an application pool named TempPool.

8 Lab Instructions: Configuring IIS 7. Stop. stopping. You will also rename the Exec and Woodgrove pools to ExecPool and WoodgrovePool. You will also practice starting. Configure TempPool to use LocalSystem as worker process identity. 5. and recycling the application pools and configuring health settings. Remove TempPool.0 Web Sites and Application Pools Exercise 4: Configuring an Existing Application Pool Scenario Next. 4. Configure Health and Recycling settings for WoodgrovePool. Configure WoodgrovePool and the Woodgrove site for Windows Integrated authentication to allow all authenticated users. 3. 7. This exercise’s main tasks are: 1. 6. you will configure the new application pools according to the needs for the new applications. 2. start and recycle WoodgrovePool. Configure TempPool for Classic Pipeline Mode. Exercise Overview In this exercise. you will configure the application pools and validate functionality. . Rename Woodgrove to WoodgrovePool.

woodgrovebank. browse to http://localhost:88 and compare results. In IIS Manager. in IIS Manager. then browse to http://nyc-web-a-woodgrovebank. On NYC-SVR1. Note that this machine is not joined to the domain. 2. Browse to http://nyc-web-a.com:88 and compare results. Task 3: Configure TempPool to use LocalSystem as worker process identity • In IIS Manager. logon as LocalAdmin with password Pa$$w0rd.com.0 Web Sites and Application Pools 9 Task 1: Rename Woodgrove to WoodgrovePool • On NYC-WEB-A.Lab Instructions: Configuring IIS 7. 3. On NYC-WEB-A. rename the Woodgrove application pool to WoodgrovePool. configure the TempPool application pool to use LocalSystem as its worker process identity. Task 2: Configure WoodgrovePool and the Woodgrove site for Windows Integrated authentication to allow all authenticated users 1. disable Anonymous authentication for the Woodgrove site. .

2. remove the application pool TempPool. Start the WoodgrovePool application pool and note the status.10 Lab Instructions: Configuring IIS 7. Results: After this exercise.0 Web Sites and Application Pools Task 4: Stop. start and recycle WoodgrovePool 1. 3. In IIS Manager. to log the number of requests. you should have successfully configured and verified the configuration of the application pools. Task 6: Remove TempPool • In IIS Manager. stop the WoodgrovePool application pool and note the status. configure the WoodgrovePool application pool to recycle after every 1000 requests. Task 7: Configure Health and Recycling settings for WoodgrovePool • In IIS Manager. Task 5: Configure TempPool for Classic Pipeline Mode • In IIS Manager. configure the TempPool application pool to use the classic pipeline. Recycle WoodgrovePool and note the status. . and set the Rapid Fail Failure Interval to 10 minutes.

NET Exercise 2: Configuring ASP.NET Application Development Settings Exercise 3: Configuring a Web Server to Host Multiple Applications with Separate Application Pools Exercise 4: Configuring ASP.Lab Instructions: Configuring IIS 7.NET Security 2 6 8 11 .0 Application Settings Contents: Exercise 1: Configuring ASP.0 Application Settings 1 Module 3 Lab Instructions: Configuring IIS 7.

. This requires a medium level of security. the error message returned to the client browser should direct the user to contact their district sales manager for login information.0 Application Settings Exercise 1: Configuring ASP. If there is an error. and Application Server role.2 Lab Instructions: Configuring IIS 7.0 Application Settings Lab: Configuring IIS 7.NET Scenario You receive a service request from the Enterprise Design Team to deploy an application server. on the Web Server.NET role service. The server will be available from the Internet and Sales Associates will need to log in with the user name “sales” and password “support” from their client’s sites to get contact information for support. You need to add and configure the ASP.

Lab Instructions: Configuring IIS 7. 2. Start the 6427A-NYC-WEB-A virtual machine and log on as Woodgrovebank\Administrator.aspx for all other errors. and log on as LocalAdmin with the password of Pa$$w0rd. This exercise’s main tasks are: 1.aspx for 401 errors. Configure Basic Security to allow access to authenticated Woodgrovebank domain users. and set up custom error pages to handle HTTP errors. and Other_Errors. Configure custom error pages for 401. 5.NET role service and configure ASP. and log on as Administrator with the password of Pa$$w0rd. Task 1: Start the 6427A-NYC-DC1 virtual machine and log on as LocalAdmin • Start 6427A-NYC-DC1. Add ASP. 6. 4. Task 2: Start the 6427A-NYC-WEB-A virtual machine and log on as Woodgrovebank\Administrator • Start 6427A-NYC-WEB-A.NET application files. 3.NET. You will choose and configure the appropriate authentication model. you will learn how to add the ASP. Create the SalesSupport application and copy the ASP. Start the 6427A-NYC-DC1 virtual machine.NET and Basic Security features to the IIS Role.0 Application Settings 3 Exercise Overview In this exercise. .

NET application files 1. Task 4: Create the SalesSupport application and copy the ASP.4 Lab Instructions: Configuring IIS 7.NET and Basic Security features to the IIS Role • On NYC-WEB-A. On NYC-WEB-A. .0 Application Settings Task 3: Add ASP.NET and Basic Authentication role services. 2. Copy the application files from E:\Mod03\Labfiles\SalesSupport to c:\inetpub\wwwroot\SalesSupport. use IIS Manager to add the SalesSupport application with a physical path of c:\inetpub\wwwroot\SalesSupport. use Server Manager to add the ASP.

and then browse again to http://localhost/salessupport. . you should have successfully verified that the ASP. 4. Try logging in with credentials that do not have a domain account. assign the site to the allowed list. Open Internet Explorer and browse again to http://localhost/salessupport.aspx for 401 errors. and verified custom error pages in Internet Explorer. In IIS Manager. Note that you would repeat this for the rest of the error codes if you were doing this in a real world situation. and Other_Errors. Close the browser before continuing to the next task.aspx for all other errors 1. Notice that you are prompted for credentials. 3. use IIS Manager to disable Anonymous Authentication and enable Basic Authentication for the domain and realm woodgrovebank. Browse to http://localhost/salessupport. Task 6: Configure custom error pages for 401. Copy the contents of E:\Mod03\Labfiles\WBErrors to c:\inetpub\custerr \en-US. such as user name Bob with no password.aspx. 2. Close and reopen the browser. edit the custom error for error 401 so that it redirects to 401. Edit the custom error code for error 404 so that it redirects to Other_Erros.aspx.NET role service is installed. On NYC-WEB-A.Lab Instructions: Configuring IIS 7. 4. 3. If prompted. Try logging in with credentials that do not have a domain account. configured Basic authentication. 2. Enter user name yvonne with password Pa$$w0rd. Results: After this exercise.0 Application Settings 5 Task 5: Configure Basic Security to allow access to authenticated Woodgrovebank domain users 1. and then note the custom 404 error. such as user name Bob with no password.

0.MDF • On NYC-WEB-A.NET Session State settings to rename the cookie to SalesSupport. 3.mdf .MDF.AttachDbFileName=e:\mod03\labfiles\resources.\SQLEXPRESS. Finally. Next you will create a custom control for testing the new configuration. in IIS Manager.IntegratedSecurity=True . Add a custom control: Woodgrovebank.6 Lab Instructions: Configuring IIS 7. 4.0 Application Settings Exercise 2: Configuring ASP. Configure ASP. modify the Connection Strings for the SalesSupport application to use the following connection string as LocalResources: data source=.0. The Enterprise Design team is planning on implementing a database to store the support resource data.NET application development settings. Task 1: Configure ASP. you will learn how to configure ASP. You will need to enter the provided connection string.0. You will also rename the cookie that the page uses to SalesSupport.NET Connection Strings to connect to Resources. This exercise’s main tasks are: 1. Add application settings at Site and Application levels.TestControls Version=1. 2. you will set some application settings and then verify that the application can read them by loading the custom test page. Exercise Overview In this exercise.NET Connection Strings to connect to Resources. Configure ASP.NET Application Development Settings Scenario Next you will configure some test settings for the SalesSupport application.

0. register a new custom control with the tag preface of Woodgrovebank. Task 3: Add a custom control: Woodgrovebank.0 Application Settings 7 Task 2: Configure ASP. Results: After this exercise. you should have configured ASP. refresh the page and compare results. refresh the page and compare the results. 5. 3.Lab Instructions: Configuring IIS 7.NET development settings and verified test page functionality.0. add an Application setting named DefaultLocation with the value "New York" to the Default Web Site.0 • In IIS Manager. Enter username yvonne and password Pa$$w0rd.TestControls Version=1. note the inheritance setting for the Application Settings.0.aspx. Close Internet Explorer before continuing. 2. 4.0.0. In IIS Manager. In Internet Explorer. Add another Application setting named debug_mode with value "true". In Internet Explorer.NET Session State settings to rename the cookie to SalesSupport • Rename the Session State cookie name to SalesSupport_SessionID. Open Internet Explorer and browse to http://localhost/salessupport /test. . Notice that the test application reports that no application settings are defined. Task 4: Add application settings at site and application levels 1. In IIS Manager. Set the Namespace to TestControls and the Assembly to Version=1.

8

Lab Instructions: Configuring IIS 7.0 Application Settings

Exercise 3: Configuring a Web Server to Host Multiple Applications with Separate Application Pools
Scenario
You will now deploy the SalesSupport application to two new instances. Once instance will be a test deployment with additional testing configuration. Another instance will be for the German division of Woodgrove and will need to be set for German globalization settings. Additionally, you will disable the debug mode for the production version of SalesSupport.

Exercise Overview
In this exercise, you will learn how to create an application pool. This exercise’s main tasks are: 1. 2. 3. 4. 5. 6. 7. 8. Create three application pools named SalesSupport, SalesSupport_De, and SalesSupport_Test. Create the applications SalesSupport_De and SalesSupport_Test. Use XCopy to deploy the files from the SalesSupport directory to the SalesSupport_DE and SalesSupport_Test directories. Assign the applications to the appropriate application pools. Configure application pool recycling for unlimited requests. Configure the SalesSupport_Test application pool to record recycled events. Configure the SalesSupport .NET compilation debug setting to False. Configure the SalesSupport_De application globalization settings for Germany.

Task 1: Create three application pools named SalesSupport, SalesSupport_De, and SalesSupport_Test
• On NYC-WEB-A, in IIS Manager, add three application pools named SalesSupport, SalesSupport_De, and SalesSupport_Test.

Lab Instructions: Configuring IIS 7.0 Application Settings

9

Task 2: Create the applications SalesSupport_De and SalesSupport_Test
1. 2. In IIS Manager, create an application named SalesSupport_De with a physical path of c:\inetpub\wwwroot\SalesSupport_De. Create an application named SalesSupport_Test with a physical path of c:\inetpub\wwwroot\SalesSupport_Test.

Task 3: Use XCopy to deploy the files from the SalesSupport directory to the SalesSupport_DE and SalesSupport_Test directories
• At the command prompt, change to the c:\inetpub\wwwroot directory and then use XCopy to copy the files and directory structure from SalesSupport to SalesSupport_De and SalesSupport_Test.

Task 4: Assign the applications to the appropriate application pools
1. 2. In IIS Manager, modify the SalesSupport, SalesSupport_De and SalesSuppot_Test to use their correspondingly named application pools. Disable anonymous authentication and enable basic authentication with the domain and realm of woodgrovebank for both SalesSupport_De and SalesSupport_Test applications.

Task 5: Configure production application pool recycling for unlimited requests
• In IIS Manager, modify the SalesSupport and SalesSupport_De application pool recycling so that they do not recycle on regular intervals.

Task 6: Configure the SalesSupport_Test application pool to record recycled events
• In IIS Manager, modify the SalesSupport_Test application pool recycling to recycle every 1024 requests, and modify the Recycling Events to Log to log number of requests, On-Demand, and Configuration Changes.

10

Lab Instructions: Configuring IIS 7.0 Application Settings

Task 7: Configure the SalesSupport .NET compilation debug setting to False
• In IIS Manager, modify the SalesSupport .NET Compilation behavior settings so that Debug is False.

Task 8: Configure the SalesSupport_De application globalization settings for Germany
1. 2. In IIS Manager, modify the SalesSupport_De .NET Globalization settings so that culture and UI Culture are set to German (Germany) (de-DE). Start Internet Explorer and browse to http://localhost/salessupport and enter user name yvonne and password Pa$$w0rd. On a second and third tab, browse to http://localhost/salessupport_de and http://localhost /salesupport_test with yvonne's credentials so that all three applications are loaded in the browser. Open Task Manager and note the instances of w3wp.exe. In Internet Explorer, browse to http://localhost/salessupport_de/test.aspx and notice the date format in the page. Close Internet Explorer before continuing.
Results: After this exercise, you should have successfully deployed multiple applications with separate application pools, configured recycling and debug settings, and configured and verified .Net globalization settings.

3. 4. 5.

Lab Instructions: Configuring IIS 7.0 Application Settings

11

Exercise 4: Configuring ASP.NET Security
Scenario
Next, you will configure the machine key, .NET trust level, and File and Folder security.

Exercise Overview
In this exercise, you will configure ASP.NET security settings. This exercise’s main tasks are: 1. 2. 3. 4. 5. Set the machine key of SalesSupport_de. Configure the SalesSupport_Test site for medium trust level. Configure File and Folder security so that only ITAdmins_WoodgroveGG can access the Test.aspx page on SalesSupport. Enable Tracing and Logging for the SalesSupport_Test site. Configure Request Filtering so that only ASPX requests are processed.

Task 1: Set the machine key of SalesSupport_de
• On NYC-WEB-A, in IIS Manager, generate a new Machine Key for SalesSupport_De.

Task 2: Configure the SalesSupport_Test site for medium trust level
• In IIS Manager, set the .NET Trust Level to Medium for the application SalesSupport_Test.

open c:\inetpub\wwwroot\SalesSupport_Test\test. 2. 5. a. c. browse to http://localhost/salessupport_test /test.0 Application Settings Task 3: Configure File and Folder security so that only ITAdmins_WoodgroveGG can access the Test. Modify the first line to read: <@ Page Language="C#" trace="true" %> b. and then add a Failed Request Tracing Rule to trace ASP.aspx page in SalesSupport 1. Examine the page for trace messages and information. add all of the role services for Health and Diagnostics to the Web Server role. In IIS Manager. 4. In Internet Explorer. Save the file and close Notepad. such as user name Betsy and password Pa$$w0rd. Refresh the page and log in with a user account that is a member of ITAdmins_WoodgroveGG. 3.12 Lab Instructions: Configuring IIS 7.aspx and use credentials of user name Betsy and password Pa$$w0rd if prompted. .NET for Status code 200 with verbose results. In Notepad.Write("This message should appear"). In IIS Manager. 3. modify the permissions of SalesSupport\test. enable Web Site Failed Request Tracing for the Default Web Site. Close Internet Explorer before continuing. Task 4: Enable Tracing and Logging for the SalesSupport_Test site 1. In Internet Explorer. browse to http://localhost/salessupport/test.aspx. In IIS Manager. Modify the fifth line to read: Response. 4. Close Internet Explorer.aspx and try to use the credentials of yvonne as user name and password Pa$$w0rd.aspx so that permissions are not inherited and only ITAdmins_WoodgroveGG is allowed. 2.

Lab Instructions: Configuring IIS 7. 7.aspx. but the graphic does not display. Notice that the page loads without error. • 4.png. and browse to http://localhost/welcome.aspx" allowed="true"/> </fileExtensions> </requestFiltering> </security> 2.aspx and use credentials of user name Betsy and password Pa$$w0rd if prompted. open c:\inetpub\wwwroot\web. Notice the error.htm. In Internet Explorer. In Notepad. Notice that this page contains the graphic.htm. Browse to http://localhost/iisstart. Examine the Errors and Warning section.NET. . you should have successfully configured and verified the configuration of the advanced security settings for ASP. and then browse to http://localhost/iisstart. Open Internet Explorer. Results: After this exercise. change to the c:\inetpub\wwwroot directory and then copy iisstart. 5.config. 7.png. At the command prompt. 6. Task 5: Configure Request Filtering so that only ASPX requests are processed 1. In Internet Explorer. After the sixth line. browse to http://localhost/iisstart.xml file from c:\inetpub\logs\failedreqlogfiles\w3svc.0 Application Settings 13 6.aspx. browse to http://localhost/welcome. open the most recent fr######. 3.htm to iisstart. Close Internet Explorer. and browse to http://localhost/salessupport_test /test. Notice the error. In Internet Explorer. Open Internet Explorer. Save the file and close Notepad. add the following security section: <security> <requestFiltering> <fileExtensions allowUnlisted="false" > <add fileExtension=".

Lab Instructions: Configuring IIS 7.0 Modules Contents: Exercise 1: Configuring and Editing Native Modules Exercise 2: Configuring and Editing Managed Modules 2 6 .0 Modules 1 Module 4 Lab Instructions: Configuring IIS 7.

2 Lab Instructions: Configuring IIS 7. To reduce the server footprint and vulnerability. test. you must remove the unnecessary modules.0 Modules Lab: Configuring and Editing Modules Exercise 1: Configuring and Editing Native Modules Scenario You received a service request from the application development team specifying the modules that are required to install. . and run an application on the specified Web server.

Examine the modules currently installed on the Web server. 3. Task 1: Start the 6427A-NYC-WEB-B virtual machine and log on as Administrator • Start 6427A-NYC-WEB-B. Remove the Default Document Module and the Directory Listing Module. 7. Restore the modules to the Web server configuration. Validate that the modules have been removed and test the new server configuration. The main tasks for this exercise are as follows: 1. 5. Start the 6427A-NYC-WEB-B virtual machine and log on as Administrator. Task 2: Backup the current Web server configuration • Open command prompt and use appcmd to backup the server configuration. . Validate that the modules have been restored and test the server configuration. Backup the current Web server configuration. 6. and log on as Administrator with the password of Pa$$w0rd. 2.0 Modules 3 Exercise Overview In this exercise. students will learn how to remove native modules from a Web server to improve security and reduce the server footprint. 4.Lab Instructions: Configuring IIS 7.

Use Notepad to edit the applicationHost.0 Modules Task 3: Examine the modules currently installed on the Web server • Use the IIS Manager to examine the modules.config. 2. Script"> tag. . Delete the DefaultDocumentModule and the DirectoryListingModule entries from within the <globalModules> tag. Task 4: Remove the Default Document Module and the Directory Listing Module 1. 5. Delete the DefaultDocumentModule and the DirectoryListingModule entries from within the <modules> tag. Delete the references to the DefaultDocumentModule and the DirectoryListingModule from within the <handlers accessPolicy="Read. 3.4 Lab Instructions: Configuring IIS 7. Browse the default Web site. 4.

Task 7: Validate that the modules have been restored and test the server configuration • Open command prompt and use appcmd to backup the server configuration. Use Internet Explorer to check the default Web site. 3. and then confirmed that the server operates as expected . 2. Results: After this exercise.0 Modules 5 Task 5: Validate that the modules have been removed and test the new server configuration 1.aspx Task 6: Restore the modules to the Web server configuration • Open command prompt and use appcmd to restore the server configuration. you should have successfully removed native modules from a Web server.Lab Instructions: Configuring IIS 7. Use Internet Explorer to retrieve the default Web page. Use IIS Manager to validate that the removed modules entries are missing. • Default Web pageURL: http://localhost/default.

Exercise Overview In this exercise. Examine the modules currently running on the Web server. You need to make sure that the Output Cache module is installed and configured as specified in the service request. 5. students will learn how to add new managed modules to a Web server. 6. 3. 2.6 Lab Instructions: Configuring IIS 7. Create a new folder: • 2. it has been determined that output caching would be beneficial on some of the applications on the Web server. Task 1: Install the logging managed module 1.0 Modules Exercise 2: Configuring and Editing Managed Modules Scenario To increase throughput. • • C:\inetpub\ logging_module\ Copy files for logging_module Web site. Confirm the installation of the logging managed module. Source: E:\Mod04\Labfiles\logging_module Destination: C:\inetpub\ logging_module\ . Test the Web site’s forms authentication page. 4. The main tasks for this exercise are as follows: 1. Test the new configuration. The development team also requested the installation of a new Managed Module that provides an additional level of logging for their application. Remove the forms authentication managed module. Install the logging managed module.

Lab Instructions: Configuring IIS 7. Load the Web site's second page. 3. 4. Use IIS Manager to examine the modules for the logging_module Web site. 2.0 Modules 7 3.com Password: Pa$$w0rd Memo: Woodgrove Confidential Memo . • Location: C:\inetpub\logging_module\logs Task 3: Test the Web site’s forms authentication page • Use Internet Explorer to log into the default Web site and retrieve a confidential memo. • • • • Destination: Shared Documents Email: lmartin@woodgrovebank. Examine the logs created by the logging_module Web site. Use Internet Explorer to view the logging_module Web site. Change the security for C:\inetpub\logging_module\logs to allow Users (NYC-WEB-B\Users). 4. Use IIS Manager to add a new Web site: • • • Site name: logging_module Physical path: C:\inetpub\logging_module Port: 8181 Task 2: Confirm the installation of the logging managed module 1.

Task 6: Test the new configuration • Attempt to view the Shared Documents folder again using Internet Explorer. you should have successfully added a managed module to the Web server.0 Modules Task 4: Examine the modules currently running on the Web server • Use IIS Manager to examine the OutputCache module.8 Lab Instructions: Configuring IIS 7. . Results: After this exercise. Task 5: Remove the forms authentication managed module • Use IIS Manager to remove the FormsAuthentication module.

and Access Exercise 3: Configure Logging 3 7 13 .0 Web Server and Web Sites 1 Module 5 Lab Instructions: Securing the IIS 7.0 Web Server and Web Sites Contents: Exercise 1: Configure a Secure Web Server Exercise 2: Configure Authorization. Authentication.Lab Instructions: Securing the IIS 7.

2 Lab Instructions: Securing the IIS 7.0 Web Server and Web Sites Lab: Securing IIS 7.0 Web Server and Web Sites .

Start the 6427A-NYC-DC1 virtual machine and log on as Administrator. Additional ISAPI and CGI restrictions need to be put into place. Herbert Dorner. Then you are given a list of accounts authorized for a specific site. Start the 6427A-NYC-WEB-B virtual machine and log on as Administrator. You must give separate access to the IT Admin group and the developer. 6.1. 8. . Examine the current ISAPI and CGI Restrictions. 9. 4. Create a self-signed server certificate for the Web server.0 Web Server and Web Sites 3 Exercise 1: Configure a Secure Web Server Scenario Additional security measures need to be put in place to protect the Web server. These measures will protect the Web server against unauthorized access by specific IP addresses and domains. 5. Set the rights and permissions for Active Directory users. 3. 2. 7. Block IP addresses as specified in the service request.1. Install the . The main tasks for this exercise are as follows: 1. Set ISAPI and CGI restrictions to use ASP.NET version 1.Lab Instructions: Securing the IIS 7. Test and validate the new configuration.NET Framework 1.

1 Add a deny rule entry: IPv4 address: 10.0 .0 Mask: 255. Task 3: Create a self-signed server certificate for the Web server 1. 2. 3. set IPv4 Address and Domain Restrictions.10.255.20. On NYC-WEB-B. Add a deny rule entry: • 3. and log on as Administrator with the password of Pa$$w0rd. open the IIS Manager. 2. • • Specific IPv4 address: 10. Task 2: Start the 6427A-NYC-WEB-B virtual machine and log on as Administrator • Start 6427A-NYC-WEB-B.255.4 Lab Instructions: Securing the IIS 7.0 Web Server and Web Sites Task 1: Start the 6427A-NYC-DC1 virtual machine and log on as Administrator • Start 6427A-NYC-DC1.10. Create a Self-Signed Certificate: • Friendly name: woodgrovebank Task 4: Block IP addresses as specified in the Service Request 1. Open Server Certificates. Using the IIS Manager.10.

• • • • • Folder: C:\inetpub\wwwroot\ Location: WoodgroveBank.0 Web Server and Web Sites 5 Task 5: Examine the current ISAPI and CGI Restrictions • Using the IIS Manager. Task 6: Install the .NET Framework 1.com Object names to select: ITAdmins_WoodgroveGG Object names to select: Herbert Allow: Full control .exe Task 7: Set ISAPI and CGI restrictions to use ASP.1 1.1 Service Pack 1. Install the . examine the ISAPI and CGI Restrictions.1.1 1. File location: E:\ Mod05\Labfiles Installer: NDP1. • • 2. • • File location: E:\ Mod05\Labfiles Installer: dotnetfix.Lab Instructions: Securing the IIS 7.1sp1-KB867460-X86.exe Install the . Allow ASP.NET v1.NET Framework 1.NET version 1. 2.NET Framework 1.4322. Task 8: Set the rights and permissions for Active Directory users • Set the rights and permissions for Active Directory users. Using the IIS Manager.1. set the ISAPI and CGI Restrictions.

and Active Directory permissions. as specified in a service request document .6 Lab Instructions: Securing the IIS 7.0 Web Server and Web Sites Task 9: Test and validate the new configuration • Validate the new configuration. • • Group or user names: ITAdmins_WoodgroveGG Group or user names: Herbert Dorner Results: After this exercise. ISAPI and CGI restrictions. you should have successfully set IP restrictions.

such as a jpg. An application is protected with forms authentication. You must configure the protected content to use the managed forms authentication module. Modify the applicationHost. by entering the direct URL path and file name. 2. Reconfigure the authorization and authentication so that the protected content uses forms authentication. 5. 4. Authentication. 3.Lab Instructions: Securing the IIS 7. Test and validate the Web site’s new configuration Task 1: Turn off the Web site cache for the shared documents folder • Using the IIS Manager. but it is discovered that some of the content can bypass forms authentication and still be accessed. 6. • • Name: Cache-Control Value: no-cache .config file to handle forms authentication. and Access Scenario Additional security measures need to be put in place to protect the Web server. The main tasks for this exercise are as follows: 1. add Custom HTTP Response Header. Sign into the Woodgrove Bank Web site and retrieve the confidential memo.0 Web Server and Web Sites 7 Exercise 2: Configure Authorization. Turn off the Web site cache for the shared documents folder. Bypass the Web site forms authentication.

WebServer.config Section: <configSections> Original code: <section name="authorization" overrideModeDefault="Allow" /> • Replacement code: <section name="authorization" type="System. • Confidential Memo URL: http://localhost/docs/shared/Woodgrove_memo. PublicKeyToken=31bf3856ad364e35" overrideModeDefault="Allow" /> .com Password: Pa$$w0rd Memo: Woodgrove Confidential Memo Sign-out of the Web site.0 Web Server and Web Sites Task 2: Sign into the Woodgrove Bank Web site and retrieve the confidential memo 1. Use Internet Explorer to log into the default Web site and retrieve a confidential memo.0.config file: • • • • File location: C:\windows\system32\inetsrv\config File name: applicationHost.UrlAuthorizationSection.ApplicationHost. culture=neutral.jpg Task 4: Modify the applicationHost.8 Lab Instructions: Securing the IIS 7. Version=7. Destination: Shared Documents Email: lmartin@woodgrovebank.config to unlock the URL Authorization <configSections> section by changing the override mode default to allow • Unlock URL Authorization in the applicationHost. System. Task 3: Bypass the Web site forms authentication • Use Internet Explorer to retrieve the Confidential Memo.Configuration. • • • • 2.0.0.

NET AppPool" managedPipelineMode="Classic" /> • Replacement code: <add name="Classic .0 Web Server and Web Sites 9 Task 5: Modify the applicationHost.config <applicationPools> section to change the Classic .config file to disable all other authentication types except for anonymous • Disable all other authentication types except for anonymous in the applicationHost.Lab Instructions: Securing the IIS 7.config file: • • • • File location: C:\windows\system32\inetsrv\config File name: applicationHost.config Section: <authentication> Append enabled="false" to: • • • • clientCertificateMappingAuthentication digestAuthentication iisClientCertificateMappingAuthentication windowsAuthentication .config file: • • • • File location: C:\windows\system32\inetsrv\config File name: applicationHost.NET AppPool" managedPipelineMode="Integrated" /> Task 6: Modify the applicationHost.config Section: <applicationPools> Original code: <add name="Classic .NET application pool to Integrated mode • Change the Classic .NET application pool to Integrated mode in the applicationHost.

webServer> Original code: <add name="FormsAuthentication" type="System.DefaultAuthenticationModule" /> .FormsAuthenticationModule" preCondition="managedHandler" /> • Replacement code: <add name="FormsAuthentication" type="System.Security.10 Lab Instructions: Securing the IIS 7.config file to protect all content by removing the managedHandler precondition from the <system.Web.Web.config Section: <system.Security.DefaultAuthenticationModule" preCondition="managedHandler" /> • Replacement code: <add name="DefaultAuthentication" type="System.FormsAuthenticationModule" /> • Original code: <add name="DefaultAuthentication" type="System.Security.Web.config file: • • • • File location: C:\windows\system32\inetsrv\config File name: applicationHost.Web.webServer> section • Protect all content by removing the managedHandler precondition in the applicationHost.Security.0 Web Server and Web Sites Task 7: Modify the applicationHost.

com />.0 Web Server and Web Sites 11 Task 8: Reconfigure the authorization and authentication so that the protected content uses forms authentication 1.Lab Instructions: Securing the IIS 7.Config Section: <authorization> Add the line <allow users=lmartin@woodgrovebank. • • Launch Authentication Disable Anonymous Authentication . reconfigure authentication so that the protected content uses forms authentication.Config file: • • • • • File location: C:\inetpub\wwwroot File name: Web. Reconfigure authorization so that the protected content uses forms authentication in the Web. above the line <!--<deny users="?" />--> Original code: <<!--<deny users="?" />--> • Replacement code: <deny users="?" /> 2. Using the IIS Manager.

• Confidential Memo URL: http://localhost/docs/shared/Woodgrove_memo. the only way to obtain the memo is by having the correct credentials.jpg Results: After reconfigure the Web site’s authorization and authentication. . Use Internet Explorer and attempt to retrieve the Confidential Memo. Destination: Shared Documents Email: lmartin@woodgrovebank. 3. • • • • 2.0 Web Server and Web Sites Task 9: Test and validate the Web site’s new configuration 1.12 Lab Instructions: Securing the IIS 7. so that all content uses forms authentication and thereby protecting the confidential memo.com Password: Pa$$w0rd Memo: Woodgrove Confidential Memo Sign-out of the Web site. Use Internet Explorer to log into the default Web site and retrieve the confidential memo.

You must enable and configure logging and then test and verify the log. Using Internet Explorer. 2. Test the logging operations. Task 1: Examine and configure logging options • Using the IIS Manager. 2. Examine and configure logging options. . You received a service request to keep a log of all visitors to the Web server for the past 24 hours. View the log file: • Log file location: C:\ inetpub\logs\LogFiles\W3SVC1 Results: After examining the configuration of the Web server’s logging settings. refresh the Web site.0 Web Server and Web Sites 13 Exercise 3: Configure Logging Scenario Additional security measures need to be put in place to protect the Web server. set the logging options. • Select: Use local time for file naming and rollover Task 2: Test the logging operations 1.Lab Instructions: Securing the IIS 7. The main tasks for this exercise are as follows: 1. the current log file was examined and proven to successfully track the Web server’s activity.

Lab Instructions: Configuring Delegation and Remote Administration 1 Module 6 Lab Instructions: Configuring Delegation and Remote Administration Contents: Exercise 1: Configuring Remote Administration Exercise 2: Configuring Delegated Administration Exercise 3: Configuring Feature Delegation 2 4 8 .

2 Lab Instructions: Configuring Delegation and Remote Administration Lab: Configuring Delegation and Remote Administration Exercise 1: Configuring Remote Administration Scenario You need to be able to configure the server remotely. . You must enable remote administration and then test it by accessing the administration features from a remote computer.

but not the other sites hosted on the server. 2. Configure the IIS Management service to accept both Windows Credentials and IIS Manager Credentials. add the IIS Management Console. Task 2: Test NYC-WEB-B remote administration 1. On NYC-DC1.Lab Instructions: Configuring Delegation and Remote Administration 3 A new site has been set up and you have been asked to delegate the administration of the site to the business owner.htm at the first default document. Results: After completing this exercise. You must unlock the error page feature so that it can be delegated. • On the NYC-WEB-B Default Web Site. In this exercise you will practice configuring a Web server for remote administration. Test NYC-WEB-B remote administration. You will need to give the business owner permission to administer their site only. you should have configured the IIS Management Service to accept remote connections and you should have tested a remote connection from NYC-DC1. 2. Configure NYC-WEB-B for remote administration. Task 1: Configure NYC-WEB-B for remote administration 1. . On NYC-DC1. Start the IIS Management service. Add the IIS Management role service to NYC-WEB-B. You have been assigned a service request to allow all site owners to administer the error messages for their site. set index. 2. 3. use the IIS Management Console to connect to NYC-WEB-B. This exercise’s main tasks are: 1.

4. This exercise’s main tasks are: 1. A new site has been set up and you have been asked to delegate the administration of the site to the business owner. 2. Configure delegated administration for the Sales site. Configure delegated administration for the Human Resources site. but not the other sites hosted on the server. Share the Woodgrove sales Web site for Betsy Stadick. .4 Lab Instructions: Configuring Delegation and Remote Administration Exercise 2: Configuring Delegated Administration Scenario You need to be able to configure the server remotely. You will need to give the business owner permission to administer their site only. 3. Test delegated administration for the Human Resources and Sales sites. You have been assigned a service request to allow all site owners to administer the error messages for their site. You must unlock the error page feature so that it can be delegated. In this exercise you will practice delegating administration of two Web sites to the appropriate business owners. You must enable remote administration and then test it by accessing the administration features from a remote computer.

• • • • 2. share WoodgroveHRSite.config. On NYC-WEB-B. grant the Windows user Herber Dorner access to the HR site.Lab Instructions: Configuring Delegation and Remote Administration 5 Task 1: Configure delegated administration for the Human Resources site 1. Task 2: Share the Woodgrove sales Web site for Betsy Stadick • On NYC-WEB-B. Location: E:\Mod06\Labfiles Site: WoodgroveHRSite Administrator: Herber Dorner Rights: Co-owner Using IIS Manager. • • Use Notepad to open C:\windows\system32\intesrv\config \applicationhost.config. share the Woodgrove sales Web site for Betsy Stadick. Remove the following text: <anonymousAuthentication enabled="true" userName="IUSR" /> <basicAuthentication /> <clientCertificateMappingAuthentication /> <digestAuthentication /> <iisClientCertificateMappingAuthentication . • • • • Location: E:\Mod06\Labfiles Site: WoodgroveSalesSite Administrator: Betsy Stadick Rights: Co-owner Task 3: Configure delegated administration for the Sales site • Allow configuration override for the authentication section of applicationHost.

On NYC-DC1. <location overrideMode="Allow"> <system. • • • • • 3. Password: Pa$$w0rd Server name: NYC-WEB-B . 2.webServer> <security> <authentication> <anonymousAuthentication enabled="true" userName="IUSR" /> <basicAuthentication /> <clientCertificateMappingAuthentication /> <digestAuthentication /> <iisClientCertificateMappingAuthentication /> <windowsAuthentication /> </authentication> </security> </system.webServer> </location> • Save changes to the applicationHost.config file.6 Lab Instructions: Configuring Delegation and Remote Administration • Insert the following text on the line before </configuration>: The text is available in the file: C:\Mod06\Labfiles\EnableAnonymousAuthentication. Task 4: Test delegated administration for the Human Resources and Sales sites 1.txt. • • Password: Pa$$w0rd Server name: NYC-WEB-B Site name: HR User name: herbert@woodgrovebank. Use IIS Manager to connect to the HR site on NYC-WEB-B. log in as woodgrovebank\herbert with a password of Pa$$w0rd.com Connection Name: Human Resources Site Use IIS Manager to connect to the Sales site on NYC-WEB-B.

The web server is unable to service a request for a web page if no means for authentication is configured. you should have successfully delegated administration for the Human Resources Web site to Herber Dorner and delegated administration for the Sales Web site to Betsy Stadick. Insert the following text on the line before </configuration>: The text is available in the file: C:\Mod06\Labfiles\DisableAuthentications.config file.woodgrovebank. .com Question: Why does an error occur? Answer: This error occurs because Herbert was not granted IIS Manager permission on the Sales site.txt <system. • • Use Notepad to open \\NYC-WEB-B\WoodgroveSalesSite\Web. 7.config file for the Sales site.webServer> <security> <authentication> <windowsAuthentication enabled=”false” /> <anonymousAuthentication enabled="false" /> </authentication> </security> </system.Config. Use Internet Explorer to access http://sales. 4.Config. Attempt to configure \\NYC-WEB-B\WoodgroveHRSite\Web. Results: After completing this exercise. Save changes to the Web.webServer> • 6.Lab Instructions: Configuring Delegation and Remote Administration 7 • • Site name: Sales User name: herbert@woodgrovebank. Log in to NYC-DC1 as woodgrovebank\betsy with a password of Pa$$w0rd. Disable Windows authentication and anonymous authentication in the Web.com. Question: Why does the server report a 401 error? Answer: The server reports a 401 error because both Anonymous Authentication and Windows Authentication have been disabled. 5.

Test feature delegation for the Human Resources site. In this exercise you will practice configuring delegated administration so that all site owners can administer the error messages for their site.8 Lab Instructions: Configuring Delegation and Remote Administration Exercise 3: Configuring Feature Delegation Scenario You need to be able to configure the server remotely. 2. You will need to give the business owner permission to administer their site only. but not the other sites hosted on the server You have been assigned a service request to allow all site owners to administer the error messages for their site. use feature delegation to set Error Pages to Read/Write. You must unlock the error page feature so that it can be delegated. Configure feature delegation for the Human Resources and Sales sites. Task 1: Configure feature delegation for the Human Resources and Sales sites • On NYC-WEB-B. This exercise’s main tasks are: 1. . A new site has been set up and you have been asked to delegate the administration of the site to the business owner. You must enable remote administration and then test it by accessing the administration features from a remote computer.

you should have successfully configured the Human Resources and Sales sites so that the site owners can customize error pages for each site.com.woodgrovebank. 4.Lab Instructions: Configuring Delegation and Remote Administration 9 Task 2: Test feature delegation for the Human Resources site 1. Use Internet Explorer to open URL: http://hr. Set a custom error page of /ErrorPages/custom404. . On NYC-DC1.htm Results: After completing this exercise. log in as woodgrovebank\herbert with a password of Pa$$w0rd. Use IIS Manager to connect to the HR site on NYC-WEB-B with the user name herbert@woodgrovebank. 3.com/missingpage. 2.htm for the 404 error page.

0 Administration 1 Module 7 Lab Instructions: Using Command-line and Scripting for IIS 7.0 Administration Contents: Exercise 1: Manage IIS Web Sites with PowerShell Exercise 2: Use Microsoft.Administration Exercise 3: Automate IIS Administration using Scripts Exercise 4: Navigating IIS tasks using WMI and AppCmd 2 5 7 10 .Lab Instructions: Using Command-line and Scripting for IIS 7.Web.

0 Administration Exercise 1: Manage IIS Web Sites with PowerShell Scenario The development team requires additional tools to manage their Web sites. . First you need to make sure that PowerShell will correctly manage the server’s services and make sure it can successfully stop and start the Web service.2 Lab Instructions: Using Command-line and Scripting for IIS 7.0 Administration Lab: Using Command-line and Scripting for IIS 7.

Start the w3svc service using PowerShell. 6. Task 4: Stop the w3svc service using PowerShell • • Use the stop-service cmdlet. Task 3: Use PowerShell to identify running services that start with a w • Use the get-service -include w* | sort-object -property status cmdlet. 2. 4. Task 6: List the Powershell. Task 1: Start the 6427A-NYC-WEB-B virtual machine and log on as Administrator Task 2: Use PowerShell to identify all services • Use the get-service cmdlet. Task 5: Start the w3svc service using PowerShell • • Use the start-service cmdlet. . List the Powershell.exe'" cmdlet.0 Administration 3 In this exercise. 3. Use PowerShell to identify all services. Stop the w3svc service using PowerShell.exe process using the get-wmiobject cmdlet. you will learn how to use PowerShell to manage IIS 7. Use the get-service cmdlet to confirm. Use PowerShell to identify running services that start with a "w". Use the get-service cmdlet to confirm. Start the 6427A-NYC-WEB-B virtual machine and log on as Woodgrovebank\Administrator. The main tasks for this exercise are as follows: 1.Lab Instructions: Using Command-line and Scripting for IIS 7. 5.0.exe process using the get-wmiobject cmdlet • Use the Get-WmiObject -query "Select * From Win32_Process Where Name = 'powershell.

0 Administration Results: After this exercise. stopped and started services using PowerShell. . you should have successfully identified.4 Lab Instructions: Using Command-line and Scripting for IIS 7.

ServerManager).ServerManager).dll • • Open PowerShell. 3.Lab Instructions: Using Command-line and Scripting for IIS 7. Use the findsite function to list the default Web site. Task 1: Load Microsoft.Administration. Create a function using MWA to find Web sites. In this exercise. and then stop and start the default Web site.Web. you will learn how to use MWA to execute a script.Administration.Web.Web.Administration.Administration. Run the script and then check to make sure that the service is stopped.Web. the default Web site ID. Load Microsoft.Reflection. 2.Assembly]::LoadFrom(“C:\windows\system32\inetsrv\ Microsoft. 4.Administration Scenario You need to verify that a script will effectively stop and start using MWA.0 Administration 5 Exercise 2: Use Microsoft.Sites (New-Object Microsoft. Then restart the service using the script and verify that it is started. Use this command: [System. Get Web site information with MWA.Web.Name} . The main tasks for this exercise are as follows: 1.Administration.Sites | ForEach-Object {$_.dll.dll") Task 2: Get Web site information with MWA • • (New-Object Microsoft.Web.

0 Administration Task 3: Create a function using MWA to find Web sites • function findsite {$name=$args[0]. .Web. the default Web site ID. and then stop and start the default Web site Results: After this exercise.Sites | Where-Object {$_.ServerManager).Administration. } Task 4: Use the findsite function to list the default Web site.Name –match $name}).Administration to gather Web site information and created a function to start and stop the default Web site.6 Lab Instructions: Using Command-line and Scripting for IIS 7. you should have successfully used Microsoft. ((New-Object Microsoft.Web.

The main tasks for this exercise are as follows: 1. 2.Lab Instructions: Using Command-line and Scripting for IIS 7. Set execution policy to unrestricted. In this exercise.0 Administration 7 Exercise 3: Automate IIS Administration using Scripts Scenario The development team provided you with a script that lists Web sites on the server. 7. Use PowerShell script to find sites. Use PowerShell script to verify site was created. Review and run a script to create a Web site.PowerShell profile script to automatically load assemblies. Add a global variable to profile script. 4. A PowerShell script will be used to automate this task. 5. 3. You need to test and run the script using PowerShell. . List sites using global variable. Create Microsoft. You also need to deploy several identical Web sites using the same default content located on a share. you will learn how to use a PowerShell scripts. 6.

”} else {newitem –path $profile –itemtype file –force}.0 Environment Loader” echo “Copyright © 2006 Microsoft Corporation. Task 3: Add a global variable to profile script • Add this line to the profile script: new-variable iismgr –value (New-Object Microsoft.dll”) | ForEach-Object {[System.Reflection.Assembly]::LoadFrom( (join-path –path $inetsrvDir – childPath $_.Administration. All rights reserved.ServerManager) –scope “global” . notepad $profile Profile script: echo “Microsoft IIS 7.” echo “ Loading IIS 7.8 Lab Instructions: Using Command-line and Scripting for IIS 7.PowerShell profile script to automatically load assemblies • • To open profile script: if (test-path $profile) {echo “Path exists.0 Managed Assemblies” $inetsrvDir = (join-path –path $env:windir –childPath “\system32\inetsrv\”) Get-ChildItem –Path (join-path –path $inetsrvDir –childPath “Microsoft*.Web.” Task 2: Set execution policy to unrestricted • • View execution policy with get-executionpolicy cmdlet. Set execution policy with set-executionpolicy cmdlet.0 Administration Task 1: Create Microsoft.Name)) } echo “ Assemblies loaded.

you should have successfully created a Microsoft. Results: After this exercise.Web.Sites –scope “global” new-variable iisapppools –value (New-Object Microsoft.ServerManager).xml to c:\windows\System32\WindowsPowerShell\v1.ps1.0. you should have successfully created a site named NewSite.Find(“^Default*”). Save the script located in E:\Mod07\Labfiles\scripts\iis.type.ps1xml”) 3.types. Task 6: Review and run a script to create a Web site 1.ApplicationPools –scope “global” update-typedata –append (join-path –path $PSHome –childPath “iis. Finally. Copy the script to the C:\drive and run it from PowerShell.Find to locate NewSite. Task 7: Use PowerShell script to verify site was created • Use $iissites.PowerShell profile script. .exe.Administration. You should have also used a saved script to list Web site. 2.0 Administration 9 Task 4: List sites using global variable Task 5: Use PowerShell script to find sites 1.Web.Lab Instructions: Using Command-line and Scripting for IIS 7.Administration. 2. The script is located in E:\Mod07\Labfiles\scripts\CreateWebsite \CreateWebsite\CreateWebsite\Bin\Debug\CreateWebsite.ServerManager). At the PowerShell Command Prompt run $iissites. Type the following at the end of the profile script: new-variable iissites –value (New-Object Microsoft.

Store configuration information to file. 2. 6.10 Lab Instructions: Using Command-line and Scripting for IIS 7. 3. Open a Command Prompt. 5. 2. 4. Use AppCmd to recycle all running application pools. Use WMI to list the default Web site on the Web server. In this exercise. Move all applications in a site to NewAppPool apppool. Navigate to c:\windows\system32\inetsrv to run AppCmd. students will use WMI and AppCmd for IIS administration. Task 2: Use AppCmd to identify all running application pools Task 3: Use AppCmd to recycle all running application pools • Use this command: appcmd list apppool /xml | appcmd recyle apppool /in Task 4: Move all applications in a site to NewAppPool apppool • Use this command: appcmd list app /site. and then restore the configuration information.name:"NewSite" /xml | appcmd set app /in /applicationPool:NewAppPool .0 Administration Exercise 4: Navigating IIS tasks using WMI and AppCmd Scenario You need to verify which tasks are running on the server. Task 1: Use AppCmd to identify tasks running on the Web server 1. Use AppCmd to identify all running application pools. The main tasks for this exercise are as follows: 1. Use WMI and AppCmd to display the list of running tasks. Use AppCmd to identify tasks running on the Web server.

Get("Site.Echo " ID: " & oSite. .xml To restore configuration information: appcmd set config “Default Web site/” /in < config.Echo " Name: " & oSite. Using Notepad create a file named GetSite.0 Administration 11 Task 5: Store configuration information to file. move application and store configuration information to a file.ID 2.Name WScript. Open a Command Prompt and navigate to folder where GetSite.Echo "Retrieved an instance of Site " WScript.vbs script. You should have also successfully identified the default Web site using WMI. you should have successfully used AppCmd to recycle application pools. Results: After this exercise.vbs with the following code: Set oIIS = GetObject("winmgmts:root\WebAdministration") Set oSite = oIIS.vbs is located Type cscript //h:cscript. 4. 3.Name='Default Web Site'") WScript.xml Task 6: Use WMI to list the default Web site on the Web server 1. and then restore the configuration information • • To store configuration information: appcmd list config “Default Web Site/” /section:caching /xml /config > config.Lab Instructions: Using Command-line and Scripting for IIS 7. Run GetSite.

Lab Instructions: Tuning IIS 7.0 for Improved Performance Contents: Exercise 1: Deploying Applications Exercise 2: Configuring IIS Performance Options Exercise 3: Managing Application Pools to Improve Performance 2 5 8 .0 for Improved Performance 1 Module 8 Lab Instructions: Tuning IIS 7.

This exercise’s main tasks are: 1.2 Lab Instructions: Tuning IIS 7.0 for Improved Performance Exercise 1: Deploying Applications Scenario You receive a request to deploy a second copy of an installed application. and then deploy updates to the new installation so that the Enterprise Design QA team can test the proposed updates. students will learn how to deploy an application. 3. with Xcopy.NET and Dynamic Content Compression features to the IIS Role. . as well as application updates. 2. Start the 6427A-NYC-DC1 virtual machine. Exercise Overview In this exercise. Add ASP.0 for Improved Performance Lab: Tuning IIS 7. Start the 6427A-NYC-WEB-A virtual machine and log on as Woodgrovebank\Administrator.

. Create and assign an application pool for SalesSupport2 and test functionality.NET application files 1. use Server Manager to add the ASP. Task 4: Create the SalesSupport application and copy the ASP. Copy the application files from E:\Mod08\Labfiles\SalesSupport to c:\inetpub\wwwroot\SalesSupport. 6.NET and Dynamic Content Compression role services. Task 3: Add ASP. use IIS Manager to add the SalesSupport application with a physical path of c:\inetpub\wwwroot\SalesSupport. 2.NET and Dynamic Content Compression features to the IIS Role • On NYC-WEB-A. Deploy a second copy of the SalesSupport application named SalesSupport2 using Xcopy.Lab Instructions: Tuning IIS 7. Deploy the application updates to SalesSupport2 using Xcopy.0 for Improved Performance 3 4. On NYC-WEB-A. 5. 3. 2. Task 5: Deploy a second copy of the SalesSupport application named SalesSupport2 using Xcopy 1. Create the SalesSupport application and copy the ASP.NET application files. Task 1: Start the 6427A-DC1 virtual machine • Start 6427A-NYC-DC1. Task 2: Start the 6427A-NYC-WEB-A virtual machine and log on as Woodgrovebank\Administrator • Start 6427A-NYC-WEB-A. and log on as LocalAdmin with the password of Pa$$w0rd. At the command prompt. Create a new directory named SalesSupport2. Use the xcopy command to copy all of the files and the directory structure from SalesSupport to SalesSupport2. 7. change directories to c:\inetpub\wwwroot.

and verified functionality. 2. . Task 7: Create and assign an application pool for SalesSupport2 and test functionality 1.4 Lab Instructions: Tuning IIS 7. add an application pool named SalesSupport2 and assign it to the SalesSupport2 application. In IIS Manager. 2.NET role service is installed. use Xcopy to copy the updated files from E:\mod08\labfiles\salessupport2 to c:\inetpub\wwwroot\salessupport2. Results: After this exercise. add the application SalesSupport2 with the physical path c:\inetpub\wwwroot\salesupport2. you should have successfully verified that the ASP.0 for Improved Performance Task 6: Deploy the application updates to SalesSupport2 using Xcopy 1. In IIS Manager. In Internet Explorer. deployed that SalesSupport2 application. browse to http://localhost/salesupport. At the command prompt. and then browse to http://localhost/salessupport2 and compare results.

Task 1: Use Performance Monitor to measure performance 1. With Performance Monitor running. 2.0 for Improved Performance 5 Exercise 2: Configuring IIS Performance Options Scenario Next you will configure performance options for the SalesSupport application. After the page loads. On NYC-WEB-A.aspx. Configure connection limit throttling. you will use Performance Monitor to look at the current machine performance. Close Internet Explorer. compression. Configure Compression. Examine the throughput in Performance Monitor. Then you will configure and test output caching. open Performance Monitor. Exercise Overview In this exercise. 3. 4. Use Performance Monitor to measure performance. 5. browse to http://localhost/salessupport/test. and throttling. This exercise’s main tasks are: 1. Remove all counters. and then add the Web Service counters Bytes Sent/sec for all instances. click refresh several times rapidly. 4. Notice that the time is dynamically updated with each refresh. First.Lab Instructions: Tuning IIS 7. Configure Output Caching. in Internet Explorer. 2. 3. . students will learn how to configure IIS Performance Options.

add a cache rule to the SalesSupport application for the extension . 3. In Internet Explorer. 3. and then delete the existing text and type 00:00:10. and then click refresh several times rapidly. browse to http://localhost/salessupport/test. 4. 2. browse to http://localhost/salessupport/test. In Internet Explorer. In Internet Explorer.6 Lab Instructions: Tuning IIS 7. In Reliability and Performance Monitor examine the throughput. 5. . browse to http://localhost and click refresh several times rapidly. In IIS Manager. browse to http://localhost. • • 2.aspx and click refresh several times rapidly for at least 30 seconds. Task 3: Configure Compression 1. Notice that the time updates with each refresh. enable static content compression for the default web site.aspx. Notice how often the time is updated.aspx and click refresh several times rapidly.0 for Improved Performance Task 2: Configure Output Caching 1. Select Kernel-mode caching. You may need to zoom in to see the difference. 6. In Internet Explorer. 4. Click refresh several times rapidly. Click At time intervals. Browse to http://localhost/salessupport2/test.aspx. In IIS Manager. In Reliability and Performance Monitor examine the throughput. In Reliability and Performance Monitor. compare the graphs for the two pages.

you should have configured performance options and verified functionality. 8. Close Internet Explorer. In Internet Explorer. Open Internet Explorer and browse to http://localhost. In IIS Manager. browse to http://localhost/salessupport/test.aspx and click refresh several times rapidly. Open two more tabs and browse to http://localhost so that you have three tabs open to http://localhost. Notice that all of the tabs refresh successfully. Task 4: Configure connection limit throttling 1. enable dynamic content compression. set a Web Site Limit for the default web site so that the number of connections is limited to 1. 4.0 for Improved Performance 7 7. Notice that one of the tabs now reports an error. open three tabs to http://localhost. In Reliability and Performance Monitor examine the throughput. Close Internet Explorer before continuing. 3. In Internet Explorer. Results: After this exercise. In IIS Manager. 10. 9. Right-click a tab and choose Refresh All. In Reliability and Performance Monitor examine the throughput and compare results.Lab Instructions: Tuning IIS 7. . 2. Right-click a tab and choose Refresh All.

8 Lab Instructions: Tuning IIS 7. Exercise Overview In this exercise. 3. open Internet Explorer and browse to http://localhost/salessupport. and browse to http://localhost/salessupport2. Recycle an application pool. 2. 2. In Reliability and Performance Monitor. Close Internet Explorer before continuing. On NYC-WEB-A. Open a second tab. Task 1: Use Reliability and Performance Monitor to measure resource usage 1. This exercise’s main tasks are: 1.exe and compare results.0 for Improved Performance Exercise 3: Managing Application Pools to Improve Performance Scenario You will now modify the application pools to improve resource usage. recycle the SalesSupport2 application pool. In IIS Manager. Examine the memory usage of w3wp. . 2. examine the memory and number of instances of w3wp. Assign SalesSupport and SalesSupport2 to the same application pool. 3. Task 2: Recycle an application pool 1. Use Reliability and Performance Monitor to measure resource usage. students will learn how to manage application pools to improve performance.exe and the number of instances. Open Reliability and Performance Monitor.

modify the SalesSupport2 application to use the default application pool. Open a second tab and browse to http://localhost/salessupport2. 2.exe.0 for Improved Performance 9 Task 3: Assign SalesSupport and SalesSupport2 to the same application pool 1. and verified resource usage with Reliability and Performance Monitor. examine the memory and number of instances of w3wp. you should have recycled and consolidated application pools. and then remove the SalesSupport2 application pool. . 3. Open Internet Explorer and browse to http://localhost/salessupport. In Reliability and Performance Monitor.Lab Instructions: Tuning IIS 7. In IIS Manager. Results: After this exercise.

Lab Instructions: Ensuring Web Site Availability with Web Farms 1 Module 9 Lab Instructions: Ensuring Web Site Availability with Web Farms Contents: Exercise 1: Backing Up an IIS Web Site Exercise 2: Restoring an IIS Web Site Exercise 3: Enabling Shared Configurations Exercise 4: Configuring Network Load Balancing 2 5 6 8 .

Before you begin. you will back up an existing site and verify that it can be restored properly.2 Lab Instructions: Ensuring Web Site Availability with Web Farms Lab: Ensuring Web Site Availability with Web Farms Exercise 1: Backing Up an IIS Web Site Scenario The Enterprise Design Team has asked you to explore options for increasing Web site availability. .

• • User: Woodgrovebank\Administrator Password: Pa$$w0rd . Task 1: Start the 6427A-NYC-DC1 virtual machine Task 2: Start the 6427A-NYC-WEB-D virtual machine and log on as Woodgrovebank\Administrator • Log on to NYC-WEB-D. 3. 4. Start the 6427A-NYC-DC1 virtual machine. • • User: Woodgrovebank\Administrator Password: Pa$$w0rd Task 3: Start the 6427A-NYC-WEB2 virtual machine and log on as Woodgrovebank\Administrator • Log on to NYC-WEB2. Start the 6427A-NYC-WEB-D virtual machine and log on as Woodgrovebank\Administrator. Backup the Web site. 2. Start the 6427A-NYC-WEB2 virtual machine and log on as Woodgrovebank\Administrator.Lab Instructions: Ensuring Web Site Availability with Web Farms 3 The main tasks for this exercise are as follows: 1. Web application. and config files to the E: drive.

Web application. . Create a new folder: • 2. and config files to the E: drive 1. • • E:\Web Site Backup Copy the files: Source: C:\inetpub\wwwroot Destination: \\NYC-WEB-D\E\Web Site Backup Results: After this exercise.4 Lab Instructions: Ensuring Web Site Availability with Web Farms Task 4: Backup the Web site. you should have successfully backed up a Web site. Provide the results of the exercise so students will know when and if they have completed the lab exercise successfully.

Restore the Web site. Web application. Copy the files: • • 3. and config files from the shared drive. 2.Lab Instructions: Ensuring Web Site Availability with Web Farms 5 Exercise 2: Restoring an IIS Web Site Scenario The Enterprise Design Team has asked you to verify that the backups can be restored properly. Do this by restoring the Web files to a second server and confirm that the second server functions properly. Source: \\NYC-WEB-D\E\Web Site Backup Destination C:\inetpub\wwwroot Refresh the default Web site in Internet Explorer on NYC-WEB2. Open the default Web site in Internet Explorer on NYC-WEB2. Task 1: Restore the Web site. Provide the results of the exercise so students will know when and if they have completed the lab exercise successfully. Web application. The main task for this exercise is: 1. you should have successfully restored a Web site to a second server. and config files from the shared drive 1. Results: After this exercise. .

Export configuration using IIS Manager.6 Lab Instructions: Ensuring Web Site Availability with Web Farms Exercise 3: Enabling Shared Configurations Scenario The next step is for increasing Web site availability. Add the second Web server to use the Shared Configuration. Task 1: Export and Enable Shared Configuration 1. . enable shared configuration. Now that you have two identically configured Web servers. Physical Path: \\NYC-WEB-D\E User name: Woodgrovebank\Administrator Password: Pa$$w0rd Encryption key password: Pa$$w0rd Using IIS Manager. start Management Service. • • • 2. 3. Server: NYC-WEB-D Physical Path: \\NYC-WEB-D\E Encryption keys password: Pa$$w0rd Using IIS Manager. 2. Test the Shared Configuration. Export and Enable Shared Configuration. • • • • 3. implement shared configurations for them. The main tasks for this exercise are as follows: 1.

enable shared configuration. check the default document for NYC-WEB2. Server: NYC-WEB2 Physical Path: \\NYC-WEB-D\E User name: Woodgrovebank\Administrator Password: Pa$$w0rd Encryption key password: Pa$$w0rd Using IIS Manager. • • • • • 2. Using IIS Manager. you should have successfully configured a two-server network with an underlying foundation of shared configurations. 1. . Task 3: Test the Shared Configuration. add the default document for NYC-WEB-D. • • 2.html Using IIS Manager. Using IIS Manager.Lab Instructions: Ensuring Web Site Availability with Web Farms 7 Task 2: Add the second Web server to use the Shared Configuration. start Management Service. Results: After this exercise. Server: NYC-WEB-D Name: test. 1.

10.0. configure Network Load Balancing to increase Web site availability. 4.21 Cluster IP Addresses.com . Create a new Network Load Balancing cluster. 3.0.27 Cluster IP Addresses. The main tasks for this exercise are as follows: 1. Verify Network Load Balancing using NLB commands. Task 1: Create a new Network Load Balancing cluster • Using Network Load Balancing Manager. add a new cluster. Subnet mask: 255.woodgrovebank.255. • • • • • • Server: NYC-WEB-D Host: NYC-WEB-D Interface IP address: 10. 2.0. Add the second server to the Network Load Balancing cluster.8 Lab Instructions: Ensuring Web Site Availability with Web Farms Exercise 4: Configuring Network Load Balancing Scenario With the two Web servers set up with Shared Configurations. Add the second host to the Network Load Balancing cluster. IPv4 address: 10.10.0 Full Internet name: cluster.

0.10. verify Network Load Balancing.26 Priority (unique host identifier): 2 Task 3: Add the second server to the Network Load Balancing cluster • Using Network Load Balancing Manager. Server: NYC-WEB-D Command: NLB display Results: After this exercise.27 Using the Command Prompt. add the second server to the cluster. • • • Host: NYC-WEB2 Local Area Connection interface IP address: 10. verify Network Load Balancing. Using the Command Prompt.10.27 Using the Command Prompt. . you should have successfully restored a Web site to a second server.10. Provide the results of the exercise so students will know when and if they have completed the lab exercise successfully. • • Server: NYC-WEB2 Command: NLB query 10.Lab Instructions: Ensuring Web Site Availability with Web Farms 9 Task 2: Add the second host to the Network Load Balancing cluster • Using Network Load Balancing Manager. • Server: NYC-WEB2 Task 4: Verify Network Load Balancing using NLB commands 1. verify Network Load Balancing. Server: NYC-WEB-D Command: NLB query 10.0. • • 2.0. add the second host to the cluster. • • 2.

Lab Instructions: Troubleshooting IIS 7.0 Web Servers 1 Module 10 Lab Instructions: Troubleshooting IIS 7.0 Web Servers Contents: Exercise 1: Troubleshooting Authentication Exercise 2: Troubleshooting Authorization Exercise 3: Troubleshooting Communication Exercise 4: Troubleshooting Configuration 2 5 7 9 .

you must resolve the problem. but is not allowing access to anyone. The passwordprotected intranet site is accessed by domain users within the company. Using logs and detailed error messages.0 Web Servers Lab: Troubleshooting IIS 7. .2 Lab Instructions: Troubleshooting IIS 7.0 Web Servers Exercise 1: Troubleshooting Authentication Scenario You receive a service request asking to resolve a user issue.

Examine the log file.0 Web Servers 3 Exercise Overview In this exercise. 5. 3. Reproduce the issue and examine the detailed error. Task 2: Start the 6427A-NYC-WEB-E virtual machine and log on as Woodgrovebank\Administrator • Start 6427A-NYC-WEB-E and log on as Woodgrovebank\Administrator. 4. 2.Lab Instructions: Troubleshooting IIS 7. password Pa$$w0rd. you will troubleshoot an authentication issue using IIS logs and detailed error messages. Task 1: Start the 6427A-NYC-DC1 virtual machine and log on as Woodgrovebank\Administrator • Start 6427A-NYC-DC1 and log on as Woodgrovebank\Administrator. Resolve the issue and test functionality. password Pa$$w0rd. 6. This exercise’s main tasks are: 1. 7. Start the 6427A-NYC-WEB-E virtual machine and log on as Woodgrovebank\Administrator. Enable Detailed Error Messages. Start the 6427A-NYC-DC1 virtual machine and log on as Woodgrovebank\Administrator. . Browse to http://localhost/salessupport.

2. Based on the detailed error. enabled detailed error messages. Task 4: Examine the log file • In C:\inetpub\logs\LogFiles\W3SVC1. browse to http://localhost/salessupport. and resolved the authentication issue. Task 6: Reproduce the issue and examine the detailed error • In Internet Explorer. enable Detailed errors for local requests and custom error pages for remote requests.4 Lab Instructions: Troubleshooting IIS 7. Note the substatus. test functionality by loading http://localhost/salessupport in the browser. you should have successfully examined the IIS log files. Task 5: Enable Detailed Error Messages • In IIS Manager. In Internet Explorer. modify the configuration in IIS Manager to correct the issue. open the most recent log file and look for the error. Results: After this exercise.0 Web Servers Task 3: Browse to http://localhost/salessupport • On NYC-WEB-E. . Task 7: Resolve the issue and test functionality 1. browse to http://localhost/salessupport to verify that the issue has been corrected. • Examine the detailed error information.

. browse to http://localhost/salessupport2. Enable Failed Request Tracing and add a rule to trace successful requests. Task 2: Enable Failed Request Tracing and add a rule to trace successful requests • In IIS Manager. determine the cause. You must reproduce the issue. Browse to http://localhost/salessupport2. add a Failed Request Tracing rule to trace successful requests. Reproduce the issue and examine the Failed Request Tracing log. 3. 2. and resolve the issue. 4.Lab Instructions: Troubleshooting IIS 7.0 Web Servers 5 Exercise 2: Troubleshooting Authorization Scenario You receive another service request to secure another Web site where all users are able to view the content. Resolve the issue and verify functionality. you will troubleshoot authorization using Failed Request Tracing. in Internet Explorer. This exercise’s main tasks are: 1. Exercise Overview In this exercise. Task 1: Browse to http://localhost /salessupport2 • On NYC-WEB-E.

you should have successfully enabled failed request tracing. browse to http://localhost/salessupport2 to verify that the issue has been corrected Results: After this exercise. . Examine the latest failed request tracing log in c:\inetpub\logs \FailedReqLogFiles\W3SVC1. browse to http://localhost/salessupport2. • In Internet Explorer.0 Web Servers Task 3: Reproduce the issue and examine the Failed Request Tracing log 1. Examine the authorization information in the log. In Internet Explorer.6 Lab Instructions: Troubleshooting IIS 7. modify the configuration in IIS Manager to correct the issue. and resolved the authorization issue. Task 4: Resolve the issue and verify functionality • Based on the log. 2.

0 Web Servers 7 Exercise 3: Troubleshooting Communication Scenario Users are reporting that a Web application is returning an error when they try to browse to it. This exercise’s main tasks are: 1. browse to http://nyc-webe/netapp/content. Correct the problem and verify functionality. 2. Task 1: Reproduce the issue • On NYC-DC1. 3. type ping NYC-WEB-E. Exercise Overview In this exercise. Use Ping to verify communication with the Web server. . Reproduce the issue. Task 2: Use Ping to verify communication with the Web server • At the command prompt. you will troubleshoot communication using tools. 4.Lab Instructions: Troubleshooting IIS 7. in Internet Explorer. You must troubleshoot why the Web application cannot open the content. and then press ENTER. Enable detailed errors and examine the detailed error.

correct the configuration based on the information from the detailed error. On NYC-WEB-E. 2. and resolved the error.8 Lab Instructions: Troubleshooting IIS 7. enabled detailed error messages. enable detailed errors. . in IIS Manager. In Internet Explorer. 2.0 Web Servers Task 3: Enable detailed errors and examine the detailed error 1. browse to http://localhost/netapp/content to verify that the error has been corrected. Results: After this exercise. in IIS Manager. On NYC-WEB-E. In Internet Explorer. browse to http://localhost/netapp/content. • Examine the detailed error information. you should used ping to verify communication. Task 4: Correct the problem and verify functionality 1.

browse to http://localhost/pics/logo. and resolved the error. Verify functionality. browse to http://localhost/pics/logo. 2.config file. examined the detailed error message.config and related files.config file located in c:\Pics. 2. Task 3: Verify functionality • In Internet Explorer. Exercise Overview In this exercise. Reproduce the issue and examine the detailed error message. This exercise’s main tasks are: 1. Task 1: Reproduce the issue and examine the detailed error message 1.Lab Instructions: Troubleshooting IIS 7. On NYC-WEB-E.jpg. . Results: After this exercise. • Correct the error and save the file based on the information from the detailed error. Examine and correct the web. 3. You know that multiple people have the ability to modify this site including Web.0 Web Servers 9 Exercise 4: Troubleshooting Configuration Scenario Users are reporting they receive multiple errors when trying to view JPG files that previously worked. you should have reproduced the problem.config file • Open the web. Task 2: Examine and correct the web. you will troubleshoot configuration using detailed error messages.jpg Examine the detailed error information. in Internet Explorer.

Lab Answer Key: Configuring an Internet Information Services 7.0 Web Server Contents: Exercise 1: Installing IIS Using Role Manager Exercise 2: Installing IIS Using Unattended Setup Exercise 3: Installing IIS on Server Core from Command Line Exercise 4: Configuring IIS and Validating Functionality 2 5 8 10 .0 Web Server 1 Module 1 Lab Answer Key: Configuring an Internet Information Services 7.

you will learn how to install IIS 7. Start the 6427A-NYC-SVR1 virtual machine and log on as LocalAdmin. NYC-SVR3 User Name: LocalAdmin or Administrator Password: Pa$$w0rd Estimated time: 60 minutes Exercise 1: Installing IIS using Role Manager Scenario You receive a service request from the Enterprise Design Team to prepare three Web servers to host Web sites and Web applications. Exercise Overview In this exercise. 3. Install the Web server role. 2.2 Lab Answer Key: Configuring an Internet Information Services 7. One of the companies acquired by Woodgrove Bank has a classic ASP application that needs to be hosted in IIS7.0 using Role Manager. NYC-SVR2. This exercise’s main tasks are: 1. .0 Web Server Lab: Configuring an IIS 7.0 Web Server Logon Information: • • • Virtual Machine: NYC-SVR1. Turn on Network Discovery.

.0 Web Server 3 Note: If you have already logged on to a virtual machine. Click Add Required Features. click Close. 5. skip the logon task for that particular virtual machine. 3. Log on to NYC-SVR1 as LocalAdmin with the password of Pa$$w0rd. The Add Roles Wizard dialog box appears. Click Turn on network discovery and file sharing. 2. Task 1: Start the 6427A-NYC-SVR1 virtual machine and log on as LocalAdmin 1. Click Add Required Role Services. . click Add roles. click Start and click Server Manager. 7. turn on network discovery and file sharing for all public networks.Lab Answer Key: Configuring an Internet Information Services 7. Click Yes. When the installation is complete. Close Network. 6. 2. 4. Task 3: Install the Web server role 1. click Launch. Click to change. On NYC-SVR1. 10. next to 6427A-NYC-SVR1. Click Next and then click Install. select Web Server (IIS). 9. Click Next... in the Roles Summary section. In the Roles services box. click Start | Network. Task 2: Turn on Network Discovery 1. 2. Network computers and devices are not visible. On the Lab Launcher. 4. In the details pane. The Add Roles Wizard dialog box appears. On NYC-SVR1. 8. Click Next twice. Click the information bar with the text Network discovery and file sharing are turned off. The Add Roles Wizard dialog box appears. 5. In the Roles box. select ASP. 3.

Click Start | All Programs | Internet Explorer. 12. Notice that the IIS7 Welcome page loads. In the console pane. Notice that the Web Server (IIS) role is installed. . Browse to http://localhost. indicating that IIS is successfully installed and running. 15. The Microsoft® Windows Internet Explorer window opens. 13. expand Roles.0 Web Server 11. Results: After this exercise you should have successfully verified that the Web Server (IIS) role is installed and loaded the IIS Welcome page in Internet Explorer. 14.4 Lab Answer Key: Configuring an Internet Information Services 7.

Lab Answer Key: Configuring an Internet Information Services 7.0 Web Server

5

Exercise 2: Installing IIS Using Unattended Setup
Scenario
Now you will set up the second IIS Web server to host the new ASP.NET application. You will install IIS by creating an Unattend.XML file based on the example given on the student CD by modifying it to only install the features needed. This will be an ASP.NET application server and will need to have all security, compression and caching features installed so that development can experiment with configuration.

Exercise Overview
In this exercise, you will learn how to install IIS using unattended setup. This exercise’s main tasks are: 1. 2. 3. 4. Start the 6427A-NYC-SVR3 virtual machine and log on as LocalAdmin. Turn on Network Discovery. Create the Unattend.XML file by copying the default XML file provided and removing unnecessary features. Install IIS using Pkgmgr with the Unattend.XML file and verify once completed.

Task 1: Start the 6427A-NYC-SVR3 virtual machine and log on as LocalAdmin
1. 2. On the Lab Launcher, next to 6427A-NYC-SVR3, click Launch. Log on to NYC-SVR3 as LocalAdmin with the password of Pa$$w0rd.

Task 2: Turn on Network Discovery
1. 2. On NYC-SVR3, click Start | Network. Click the information bar with the text Network discovery and file sharing are turned off. Network computers and devices are not visible. Click to change.... Click Turn on network discovery and file sharing. Click Yes, turn on network discovery and file sharing for all public networks.

3. 4.

6

Lab Answer Key: Configuring an Internet Information Services 7.0 Web Server

5.

Close Network.

Task 3: Create the Unattend.XML file by copying the default XML file provided and removing unnecessary features
1. 2. 3. 4. 5. 6. Click Start, type Notepad, and then press Enter. The Notepad window opens. On the File menu, click Open. The Open dialog box appears. In the Text Documents list, click All Files. Browse E:\Mod01\Labfiles. Click unattend_all.xml and then click Open. Delete the following lines:
name="IIS-HttpRedirect" state="true"/> name="IIS-ASP" state="true"/> name="IIS-CGI" state="true"/> name="IIS-IIS6ManagementCompatibility" state="true"/> name="IIS-Metabase" state="true"/> name="IIS-WMICompatibility" state="true"/> name="IIS-LegacyScripts" state="true"/> name="IIS-LegacySnapIn" state="true"/>

<selection <selection <selection <selection <selection <selection <selection <selection

7.

The Unattend.Xml file needs to be modified with the correct

version number. It should read Version="6.0.6001.18000" (this will match the HAL major and minor version numbers). To do this, Edit Version=”6.0.6001.16659” to Version="6.0.6001.18000" 8. 9. On the File menu, click Save As. The Save As dialog box appears. Type c:\unattend.xml, and then click Save.

10. Close Notepad.

Task 4: Install IIS using Pkgmgr with the Unattend.XML file and verify once completed
1. Click Start, and then click Command Prompt.

Lab Answer Key: Configuring an Internet Information Services 7.0 Web Server

7

2. 3. 4. 5. 6. 7. 8. 9.

Type cd \ and then press Enter. Type start /w pkgmgr /n:unattend.xml and then press Enter. When the process completes, type echo %errorlevel% and then press Enter. Note that it may take up to four minutes to complete. Notice that the return code is “0” indicating a successful installation. Type exit, and then press Enter. In Server Manager, in the console pane, expand Roles. Note that you may need to refresh the console. Notice that Web Server (IIS) is installed. Click Start | All Programs | Internet Explorer.

10. The Windows Internet Explorer window opens. Browse to http://localhost. 11. Notice that the IIS Welcome page appears.
Results: After this exercise you should have successfully installed IIS using an unattend file and verified the IIS Welcome page.

8

Lab Answer Key: Configuring an Internet Information Services 7.0 Web Server

Exercise 3: Installing IIS on Server Core from Command Line
Scenario
The final server you will install is a Server Core Web server that will act primarily as a redirection server to the ASP server.

Exercise Overview
In this exercise, you will learn how to install IIS via the command line in a Server Core environment. This exercise’s main tasks are: 1. 2. 3. Start the 6427A-NYC-SVR2 virtual machine and log on as Administrator. Disable the firewall. Install IIS from the command line.

Task 1: Start the 6427A-NYC-SVR2 virtual machine and log on as Administrator
1. 2. On the Lab Launcher, next to 6427A-NYC-SVR2, click Launch. Log on to NYC-SVR2 as Administrator with the password of Pa$$w0rd.

Task 2: Disable the firewall
• On NYC-SVR2, in the command prompt window, type netsh firewall set opmode disable and press Enter.

Note: Disabling the firewall should not be done in a real-world environment as it is bad security practice.

indicating that the Web server role on NYC-SVR2 is installed and functioning. type echo %errorlevel%. .IIS-StaticContent. 5.WAS-WindowsActivationService.IIS-HttpRedirect. 3. Results: After this exercise you should have successfully installed IIS on Microsoft® Server 2008 Server Core from the command line and verified by loading the IIS Welcome page from another machine running Internet Explorer. in Internet Explorer. Type the following and then press Enter. Notice that the return code is “0” indicating a successful installation.0 Web Server 9 Task 3: Install IIS from the command line 1.IISCommonHttpFeatures. Note that the feature names are casesensitive: Start /w pkgmgr /iu:IIS-WebServerRole.WASProcessModel 2. Note that it may take up to two minutes to complete. On NYC-SVR1.IIS-DefaultDocument. Notice that the IIS Welcome page loads.Lab Answer Key: Configuring an Internet Information Services 7. 4. When the process completes.IIS-WebServer.IISHttpErrors. and then press Enter. browse to http://nyc-svr2.

6. 5. click True. In the Send Errors to Browser list. In the Connections pane. 2. 2. Exercise Overview In this exercise.10 Lab Answer Key: Configuring an Internet Information Services 7. Configure NYC-SVR3 to trace server errors. detailed error messages. enable directory browsing. 8. configure UDDI. In the Enable Client-side Debugging list. Configure NYC-SVR1 for ASP debugging. and then click Default Web Site. In the Actions pane. click Start | Administrative Tools | Internet Information Services (IIS) Manager. and enable dynamic output compression. enable windows authentication and impersonation. HTTP compression and SMTP Service. expand NYC-SVR1 | Sites. 7. In the Enable Server-side Debugging list. In the details pane. On NYC-SVR1. and redirect requests to NYC-SVR1. click True. . detailed error messages. 3.0 Web Server Exercise 4: Configuring IIS and Validating Functionality Scenario With the three Web servers installed. This exercise’s main tasks are: 1. Configure NYC-SVR2 to have no default documents. In the Compilation section. click Apply. expand Debugging Properties. you will configure common IIS features and validate functionality. 3. 4. double-click ASP. configure each as necessary to perform its function. and HTTP compression 1. Task 1: Configure NYC-SVR1 for ASP debugging. click True.

In the Actions pane. The Set Common HTTP Response Headers dialog box appears. In the Actions pane. 2. In the Connections pane. expand NYC-SVR3 | Sites. 21. In the Actions pane. browse to http://nycsvr1/default. 3. and then click OK. click Edit Feature Settings 19. In the details pane.asp. 17. Click Detailed errors. 16. Notice that you get a detailed HTTP Error 404 page. and enable dynamic output compression and SMTP 1. . and then click OK. 14. click Failed Request Tracing. click Default Web Site. 18. click Set Common Headers. double-click Error Pages. indicating that the NYCSVR1 web server has been configured properly. In the Connections pane. 15. double-click HTTP Response Headers. Select Expire Web content. 11. click Start | Administrative Tools | Internet Information Services (IIS) Manager. click Default Web Site. Notice that Enable static content compression is checked. configure UDDI. 10. enable directory browsing.0 Web Server 11 9. The Edit Error Pages Settings dialog box appears. Question: How does the Detailed Error page differ from the default Custom error page? Answer: The Detailed Error Page lists trace events and steps for troubleshooting. double-click Compression. enable windows authentication and impersonation. in the Internet Explorer. 20. Task 2: Configure NYC-SVR3 to trace server errors. 12. click Default Web Site. On NYC-SVR3. In the Connections pane.Lab Answer Key: Configuring an Internet Information Services 7. 13. In the details pane. In the Connections pane. On NYC-SVR3. and then click Default Web Site. In the details pane.

24. double-click Authentication. 11. Select UDDI Services Database and UDDI Services Web Application. and then click Next seven times. 23. in the IIS section. The Add Roles Wizard dialog box appears. 6. Click Next and then click Finish. click Default Web Site. and then in the Event severity list. and then click OK. 12. double-click Directory Browsing. 7. type 500. Select Event severity. 17. 14. In the Actions pane. In the details pane. In the Status code(s) field. right-click Roles and then click Add Roles.NET Impersonation. click Add. 10. and then click Next. In Internet Information Services (IIS) Manager. click Enable. and then click Next twice. in the IIS section. in the Connections pane. Click Add Required Role Services. in the console pane. 22. . 18. click Enable. double-click Failed Request Tracing Rules. Click Next. In the Actions pane. When installation completes. In Server Manager. Click Install. 20. click Enable. 15. Note that it may take up to eight minutes to complete. In the Actions pane. In the details pane.12 Lab Answer Key: Configuring an Internet Information Services 7. click ASP. 27. click Critical Error. In the Connections pane. Select UDDI Services. Click Do not require SSL. click Windows Authentication. 26. In the details pane. 16. in the IIS section.0 Web Server 4. 9. The Edit Web Site Failed Request Tracing Settings dialog box appears. click Close. 13. 8. In the details pane. 19. Select Enable. In the details pane. The Add Roles Wizard dialog box appears. 25. In the Actions pane. Click Next. click Default Web Site. 5. click Default Web Site. 21. In the Connections pane. The Add Failed Request Tracing Rule dialog box appears.

2. 34. type NYC-SVR3@WoodgroveBank.24. type cd \windows\system32\inetsrv\config and then press Enter. Browse to http://localhost/aspnet_client. type . 3. In the details pane.aspx. double-click SMTP E-mail. in the command prompt window. and change "true" to "false". 32. Select User-mode caching and then click OK.com. 37. 38. In SMTP Server field.config and then press Enter. and then click Copy Shortcut. The Add Cache Rule dialog box appears. 4. Under Detailed Error Information.com.NET section. 41. In the details pane.0 Web Server 13 28. Scroll down to <httpRedirect enabled="false" /> (approximately line 246). Type edit applicationHost. click Default Web Site. In Internet Explorer. Task 3: Configure NYC-SVR2 to have no default documents. Notice that there is a detailed HTTP Error 500.Lab Answer Key: Configuring an Internet Information Services 7. and redirect requests to NYC-SVR1 1. Click Start | Run. 40. Double-click W3SVC1. Scroll down to <defaultDocument enabled="true"> (approximately line 169). Click OK. type SMTP. browse to http://localhost/uddi.xml. click Apply. and modify this line to read: . in the IIS section. In the Actions pane. double-click Output Caching. 31. 44. 36. 35. Notice that there is a failed request log for the server error: fr00001. in the ASP.WoodgroveBank. Notice the UDDI Services page loads. click Add. right-click C:\inetpub\logs\FailedReqLogFiles. 42. 45. 43. 33. 29. In the Actions pane. On NYC-SVR2. In the Connections pane. Right-click the Open field and then click Paste. In the E-mail address field. 30. 39. In the File name extension field.

Do not save changes so they are reset to default for the next lab. Click the Quit button to exit. Note: After you have completed the lab exercises closing the VM’s and selecting undo disk is not required for hosted labs. . click Exit. 7.10. an error message would be displayed and the address bar would still display http://nyc-svr2. 8. On NYC-SVR3. browse to http://nyc-svr2. On the File menu. Question: What would be displayed if redirection was not enabled? Answer: Since there is no default document. On the File menu.24. click Save.0 Web Server <httpRedirect enabled="true" exactDestination="false" childOnly="false" destination="http://10. 6. Notice that the IIS 7 Welcome page loads and the address field has changed to http://10.0.14 Lab Answer Key: Configuring an Internet Information Services 7. 9.10. Close each of the running virtual machines.24/" /> 5. Results: After this exercise you should have successfully configured and verified the configuration of the three web servers. in Internet Explorer.0.

Lab Answer Key: Configuring IIS 7.0 Web Sites and Application Pools 1 Module 2 Lab Answer Key: Configuring IIS 7.0 Web Sites and Application Pools Contents: Exercise 1: Configuring Authentication Types Exercise 2: Creating a Web Site and Web Application Exercise 3: Creating an Application Pool Exercise 4: Configuring an Existing Application Pool 2 6 9 10 .

2

Lab Answer Key: Configuring IIS 7.0 Web Sites and Application Pools

Lab: Configuring IIS 7.0 Web Sites and Application Pools
Logon Information:
• • • Virtual Machine: NYC-DC1, NYC-WEB-A, NYC-SVR1 User Name: Administrator Password: Pa$$w0rd

Estimated time: 60 minutes

Exercise 1: Configuring Authentication Types
Scenario
You receive a service request from the Enterprise Design Team to organize the existing NYC-WEB-A server into virtual directories by access level. There will be two access levels: public and restricted. Anyone on the network should be able to access the public content. Only authenticated users should be able to access restricted.

Exercise Overview
In this exercise, you will learn how to create virtual directories and configure anonymous authentication. This exercise’s main tasks are: 1. 2. 3. 4. 5. Start the 6427A-NYC-DC1 virtual machine. Start the 6427A-NYC-WEB-A virtual machine and log on as Woodgrovebank\Administrator. Add Basic, Windows Integrated and Digest Security features to the IIS Role. Create a virtual directory named Public. Configure the public virtual directory for anonymous authentication.

Note: If you have already logged on to a virtual machine, skip the logon task for that particular virtual machine.

Lab Answer Key: Configuring IIS 7.0 Web Sites and Application Pools

3

Task 1: Start the 6427A-NYC-DC1 virtual machine
• On the Lab Launcher, next to 6427A-NYC-DC1 click Launch.

Task 2: Start the 6427A-NYC-WEB-A virtual machine and log on as Woodgrovebank\Administrator
1. 2. On the Lab Launcher, next to 6427A-NYC-WEB-A click Launch. Log on to NYC-WEB-A as Woodgrovebank\Administrator with the password of Pa$$w0rd.

Task 3: Add Basic, Windows Integrated and Digest Security features to the IIS Role
1. 2. 3. On NYC-WEB-A, in Server Manager, in the console pane, expand Roles and then click Web Server (IIS). Right-click Web Server (IIS) and then click Add Role Services. The Add Role Services dialog box appears. In the Role services box, under Security, select Basic Authentication, Windows Authentication, and Digest Authentication. Click Next and then click Install. When the installation is complete, click Close. In the details pane, in the Role Services section, notice that Basic Authentication, Windows Authentication, and Digest Authentication are listed as Installed.

4. 5. 6.

Task 4: Create a virtual directory named public
1. 2. 3. 4. Click Start | Administrative Tools | Internet Information Services (IIS) Manager. In the Connections pane, expand NYC-WEB-A | Sites and then click Default Web Site. In the Actions pane, click View Virtual Directories. Click Add Virtual Directory.

4

Lab Answer Key: Configuring IIS 7.0 Web Sites and Application Pools

5. 6. 7. 8. 9.

The Add Virtual Directory dialog box appears. In the Alias field, type Public. Next to the Physical path field, click the Browse (...) button. The Browse For Folder dialog box appears. Browse to C:\inetpub, and then click Make New Folder. Type Public, and then click OK. Click OK.

10. Click Start | Computer and then browse to C:\inetpub\wwwroot. 11. Select all, then right-click and then click Copy. 12. Browse to C:\inetpub\public, right-click, and then click Paste.

Task 5: Configure the public virtual directory for anonymous authentication
1. 2. 3. 4. 5. 6. 7. 8. 9. In Internet Information Services (IIS) Manager, in the Connections pane, expand Default Web Site and then click Public. In the details pane, double-click Authentication. Click Anonymous Authentication. Notice that it is enabled. In the Actions pane, click Edit. The Edit Anonymous Authentication Credentials dialog appears. Notice that Specific user is selected and set to IUSR. Click Cancel. In Server Manager, in the console pane, expand Configuration | Local Users and Groups and then click Users. In the details pane, right-click Guest, and then click Properties. The Guest Properties dialog box appears. Clear Account is disabled, and then click OK.

Note: It is a poor security practice and should not be done in a real-world scenario. 10. Click Start | Administrative Tools | Local Security Policy. 11. The Local Security Policy window opens. In the console pane, expand Local Policies and then click User Rights Assignment. 12. In the details pane, right-click Allow log on locally, and then click Properties.

Lab Answer Key: Configuring IIS 7.0 Web Sites and Application Pools

5

13. The Allow log on locally Properties dialog appears. Click Add User or Group. 14. The Select Users, Computers, or Groups dialog box appears. Click Locations. 15. The Locations dialog box appears. Click NYC-WEB-A, and then click OK. 16. In the Enter the object names to select field, type Guest, and then click OK twice. 17. Close Local Security Policy. 18. Click Start | Switch User. 19. Logon as NYC-WEB-A\Guest with no password. 20. Click Start | All Programs | Internet Explorer. 21. The Windows Internet Explorer window opens. Browse to http://localhost. Note that we’ve set the default site to the Public virtual directory so there’s no need to use localhost/public. Notice that the IIS7 Welcome page loads. 22. Click Start | Switch User. 23. Log on as Woodgrovebank\Administrator with the password of Pa$$w0rd.
Results: After this exercise, you should have created virtual directories on the Web server and provided both public and restricted access levels to those directories.

click the Browse (. In Physical path.0 Web Sites and Application Pools Exercise 2: Creating a Web Site and Web Application Scenario Next you will create two web sites. in the employee and restricted virtual directories. On NYC-WEB-A.. This exercise’s main tasks are: 1. In the Site name field. in the Connections pane. 2.NET 3. and then click OK. and then click OK. 4. 4. click Add Web Site.. . Delegate administrative access of Woodgrove to ITAdmins_WoodgroveGG.) button. named Woodgrove and Exec respectively. In the Port field.NET 3. Type woodgrove. in Internet Information Services (IIS) Manager. and two web applications. 3. Task 1: Create a site named Woodgrove 1. Add the . 7. Exec will be a . type Woodgrove. Copy the Woodgrove application to the appropriate directory. click Sites. 2. Exercise Overview In this exercise. 5. Create a site named Woodgrove. and then click Make New Folder. The Browse For Folder dialog box appears. You will also delegate administrative access to ITAdmins_WoodgroveGG. Browse to C:\inetpub.0 Feature to the server. In the Actions pane. you will learn how to create web sites and applications. The Add Web Site dialog box appears.6 Lab Answer Key: Configuring IIS 7.0 application. type 88. 3. 6.

Lab Answer Key: Configuring IIS 7.0 Web Sites and Application Pools

7

Task 2: Copy the Woodgrove Application to the Appropriate Directory
1. 2. 3. In Windows Explorer, browse to E:\Mod02\Labfiles\WoodGrove. Select all, then right-click, and then click Copy. Browse to C:\inetpub\woodgrove, right-click, and then click Paste.

Task 3: Add the .NET 3.0 Feature and ASP.NET to the server
1. 2. 3. 4. 5. 6. 7. 8. 9. In Server Manager, in the console pane, click Features. In the details pane, click Add Features. The Add Features Wizard dialog box appears. Select .NET Framework 3.0 Features. The Add Features Wizard dialog box appears. Click Add Required Role Services. Click Next twice. On the Select Role Services page, select ASP.NET. The Add Features Wizard dialog box appears. Click Add Required Role Services. Click Next, and then click Install. When the installation is complete, click Close.

Task 4: Delegate administrative access of Woodgrove to ITAdmins_WoodgroveGG
1. 2. 3. 4. 5. 6. Internet Information Services (IIS) Manager, in the Connections pane, expand Sites and then click Woodgrove. In the Actions pane, click Edit Permissions. The woodgrove Properties dialog box appears. Click the Security tab. Click Edit. The Permissions for woodgrove dialog box appears. Click Add. The Select, Users, Computers, or Groups dialog box appears. In the Enter the object names to select field, type ITAdmins_WoodgroveGG, and then click Check Names.

8

Lab Answer Key: Configuring IIS 7.0 Web Sites and Application Pools

7. 8.

Click OK. Next to Full control, select Allow and then click OK twice.
Results: After this exercise, you should have successfully installed .NET 3.0 Framework, ASP.NET, and created the Woodgrove site and copied its content.

Lab Answer Key: Configuring IIS 7.0 Web Sites and Application Pools

9

Exercise 3: Creating an Application Pool
Scenario
You will now create a new application pool for temporary applications.

Exercise Overview
In this exercise, you will learn how to create an application pool. This exercise’s main tasks are: • Create an application pool named TempPool.

Task 1: Create an application pool named TempPool
1. 2. 3. 4. 5. On NYC-WEB-A, in Internet Information Services (IIS) Manager, expand NYC-WEB-A and then click Application Pools. In the Actions pane, click Add Application Pool. The Add Application Pool dialog box appears. In the Name field, type TempPool. Click OK. In the details pane, notice that TempPool appears in the list of application pools.
Results: After this exercise, you should have successfully added an application pool named TempPool.

10

Lab Answer Key: Configuring IIS 7.0 Web Sites and Application Pools

Exercise 4: Configuring an Existing Application Pool
Scenario
Next, you will configure the new application pools according to the needs for the new applications. You will also practice starting, stopping, and recycling the application pools and configuring health settings. You will also rename the Exec and Woodgrove pools to ExecPool and WoodgrovePool.

Exercise Overview
In this exercise, you will configure the application pools and validate functionality. This exercise’s main tasks are: 1. 2. 3. 4. 5. 6. 7. Rename Woodgrove to WoodgrovePool. Configure WoodgrovePool and the Woodgrove site for Windows Integrated authentication to allow all authenticated users. Configure TempPool to use LocalSystem as worker process identity. Stop, start and recycle WoodgrovePool. Configure TempPool for Classic Pipeline Mode. Remove TempPool. Configure Health and Recycling settings for WoodgrovePool.

Task 1: Rename Woodgrove to WoodgrovePool
1. 2. 3. 4. 5. 6. 7. 8. On NYC-WEB-A, in Internet Information Services (IIS) Manager, expand Sites and then click Woodgrove. In the Actions pane, click Basic Settings. The Edit Site dialog box appears. Click Select. The Select Application Pool dialog box appears. In the Application pool list, click TempPool, and then click OK twice. In the Connections pane, click Application Pools. In the details pane, click Woodgrove. In the Actions pane, click Rename. Type WoodgrovePool, and then press Enter.

next to 6427A-NYC-SVR1 click Launch. 5. .woodgrovebank. In the Actions pane. click Basic Settings. In the Actions pane. click Enable. Task 2: Configure WoodgrovePool and the Woodgrove site for Windows Integrated authentication to allow all authenticated users 1. Log on to NYC-SVR1 as LocalAdmin with the password of Pa$$w0rd.Lab Answer Key: Configuring IIS 7. 12.0 Web Sites and Application Pools 11 9. double-click Authentication. Click Start | All Programs | Internet Explorer. In the Connections pane.com. Note that this machine is not joined to the domain. 11. In the Connections pane. In the Application pool list. 8. click Disable. 2. 6. In the details pane. The Windows Internet Explorer window opens. 3. On the Lab Launcher. In the Actions pane. 10. The Edit Site dialog box appears. Notice that the IIS Welcome page appears indicating that the previous anonymous public site configuration is correct. 4. In the details pane. The Select Application Pool dialog box appears. click Anonymous Authentication. 7. click WoodgrovePool. click Woodgrove. 9. expand Sites and then click Woodgrove. Browse to http://nyc-weba. and then click OK twice. Click Select. Click Windows Authentication. 10.

In the Built-in account list. 6. Question: Why does Windows authentication fail? Answer: Because NYC-SVR1 is not joined to the Woodgrovebank domain.com:88. click Start | All Programs | Internet Explorer. 2. Under the Process Model section. In the details pane. The Advanced Settings dialog box appears. On NYC-WEB-A. In the details pane. In the Connections pane. in the Connections pane. click Stop.0 Web Sites and Application Pools 11. Notice that the Woodgrove Bank page appears. Task 3: Configure TempPool to use LocalSystem as worker process identity 1. Next to NetworkService. Notice that there is an error message and the page will not load. 4. 4. In the Actions pane. In Internet Information Services (IIS) Manager. click TempPool. 12. In the Actions pane. Browse to http://nyc-web-a. The Windows Internet Explorer window opens. click Application Pools. notice that the status of WoodgrovePool changes to Stopped. .12 Lab Answer Key: Configuring IIS 7. click Identity.) button.. click Application Pools.woodgrovebank. Task 4: Stop. 13. 7. click the Browse (. Windows authentication is successful. 5. In the details pane. 3. click LocalSystem. 3. click WoodgrovePool. Browse to http://localhost:88. the user account cannot be authenticated. Click OK twice. 2. start and recycle WoodgrovePool 1. click Advanced Settings.. Windows authentication has failed for this user/machine. The Application Pool Identity dialog box appears.

4. The Confirm Remove dialog box appears. click Recycle. 3. In the Connections pane. Click OK. click Application Pools. In the Managed pipeline mode list. Task 5: Configure TempPool for Classic Pipeline Mode 1. In the Actions pane. 7.Lab Answer Key: Configuring IIS 7. In the details pane. click TempPool. 6. click Application Pools. however the results may not be visible. 2. In the Actions pane. 4. Click Yes.0 Web Sites and Application Pools 13 5. click Classic. 3. In the Actions pane. click TempPool. click Basic Settings. click Remove. The Edit Application Pool dialog box appears. 5. click Start. Task 6: Remove TempPool 1. . In the Connections pane. WoodgrovePool recycles. In the Actions pane. In the details pane. In the details pane. 2. notice that the status of WoodgrovePool changes to Started.

Click the Quit button to exit. In the Actions pane. you should have successfully configured and verified the configuration of the application pools.14 Lab Answer Key: Configuring IIS 7. Note: After you have completed the lab exercises closing the VM’s and selecting undo disk is not required for hosted labs. 11. The Edit Application Pool Recycling Settings dialog box appears. In the Fixed Number of requests field. Close each of the running virtual machines. . click Recycling. select Number of requests. 5. In the details pane. In the Actions pane. The Advanced Settings dialog box appears. click WoodgrovePool. Select Fixed number of requests. 2. Results: After this exercise. Click Finish. click Failure Interval (minutes).0 Web Sites and Application Pools Task 7: Configure Health and Recycling settings for WoodgrovePool 1. 8. type 10 and then click OK. click Advanced Settings. In the Connections pane. click Application Pools. 4. 7. type 1000. 6. 3. 10. In the Rapid-Fail Protection section. In the value column. On the Recycling Events to Log page. Do not save changes so they are reset to defaults for the next lab. Click Next. 9.

NET Exercise 2: Configuring ASP.0 Application Settings Contents: Exercise 1: Configuring ASP.Lab Answer Key: Configuring IIS 7.NET Security 2 8 12 19 .NET Application Development Settings Exercise 3: Configuring a Web Server to Host Multiple Applications with Separate Application Pools Exercise 4: Configuring ASP.0 Application Settings 1 Module 3 Lab Answer Key: Configuring IIS 7.

NET Scenario You receive a service request from the Enterprise Design Team to deploy an application server.0 Application Settings Logon Information: • • • Virtual Machine: NYC-DC1. .NET and Basic Security features to the IIS Role. This exercise’s main tasks are: 1.NET role service and configure ASP. Start the 6427A-NYC-WEB-A virtual machine and log on as Woodgrovebank\Administrator.2 Lab Answer Key: Configuring IIS 7. NYC-WEB-A User Name: Administrator Password: Pa$$w0rd Estimated time: 60 minutes Note: If you have already logged on to a virtual machine.NET. Exercise Overview In this exercise. skip the logon task for that particular virtual machine. Add ASP. You need to add and configure the ASP. 3. and set up custom error pages to handle HTTP errors. you will learn how to add the ASP. the error message returned to the client browser should direct the user to contact their district sales manager for login information. If there is an error. on the Web Server. The server will be available from the Internet and Sales Associates will need to log in with the user name “sales” and password “support” from their client’s sites to get contact information for support (This is a very poor security practice and all authenticated connections should use individual user names and you do not have appropriate permissions to set the username and password). 2. Start the 6427A-NYC-DC1 virtual machine. and Application Server role.NET role service.0 Application Settings Lab: Configuring IIS 7. This requires a medium level of security. Exercise 1: Configuring ASP. You will choose and configure the appropriate authentication model.

5. Task 2: Start the 6427A-NYC-WEB-A virtual machine and log on as Woodgrovebank\Administrator 1. next to 6427A-NYC-WEB-A click Launch. 2. Task 3: Add ASP.NET and Basic Security features to the IIS Role 1. click Close. Configure Basic Security to allow access to authenticated Woodgrovebank domain users. The Add Role Services box appears. The Add Role Services dialog box appears. in the Role Services section. under Security. In the details pane.aspx for 401 errors. 2. notice that ASP. Create the SalesSupport application and copy the ASP. 7.aspx for all other errors.Lab Answer Key: Configuring IIS 7. Right-click Web Server (IIS). 4. under Application Development. in the console pane. Task 1: Start the 6427A-NYC-DC1 virtual machine • On the Lab Launcher. . and Other_Errors. On NYC-WEB-A. 5. and then click Install. and then click Add Role Services. 6. 3. next to 6427A-NYC-DC1 click Launch. Configure custom error pages for 401. On the Lab Launcher. In the Role services box. In the Role Services box. in Server Manager. select ASP. When the installation is complete. 8. Click Next. 6.NET application files.NET.0 Application Settings 3 4. Click Add Required Role Services.NET and Basic Authentication are listed as Installed. expand Roles and then click Web Server (IIS). Log on to NYC-WEB-A as Woodgrovebank\Administrator with the password of Pa$$w0rd. select Basic Authentication.

.NET application files 1. In the Actions pane. 3. Type SalesSupport and then click OK.4 Lab Answer Key: Configuring IIS 7. click Basic Authentication. Browse to C:\inetpub\wwwroot\SalesSupport. Task 5: Configure Basic Security to allow access to authenticated Woodgrovebank domain users 1. in the Connections pane. 6. Click Anonymous Authentication.) button. Click Start | Administrative Tools | Internet Information Services (IIS) Manager.. Click OK. 4. 7. 2. Select all. 7. then right-click and then click Copy. 5. In the details pane. click Enable. expand NYC-WEB-A | Sites and then click Default Web Site. and then click Paste. Click Edit. 6. 11. right-click. Click Start | Computer and then browse to E:\Mod03\Labfiles\SalesSupport. In the Actions pane. In the Connections pane. The Add Application dialog box appears. click View Applications. 9. In the details pane. In the Alias field. The Browse For Folder dialog box appears. 2. 3. Browse to C:\inetpub\wwwroot. In Internet Information Services (IIS) Manager. 8. and then click Make New Folder. 4.0 Application Settings Task 4: Create the SalesSupport application and copy the ASP. type SalesSupport. 5. 10. . expand Default Web Site and then click SalesSupport. Click Add Application. click Disable. click the Browse (. In the Actions pane. Next to the Physical path field. 12. double-click Authentication.

Click OK. The Connect to localhost dialog box appears. The Windows Internet Explorer window opens. Notice that there is a warning about basic authentication and insecure credentials. The Windows Internet Explorer window opens. The Connect to localhost dialog box appears. Close Internet Explorer. Click Start | All Programs | Internet Explorer. 11. Close Internet Explorer. The Edit Basic Authentication Settings dialog appears. 14. browse to E:\Mod03\Labfiles\WBErrors. 21.0 Application Settings 5 8. type Pa$$w0rd and then click OK.1 Unauthorized error. In the User name field.aspx for all other errors 1. Browse to http://localhost/salessupport. Note that Yvonne is a marketing account manager with a domain account in the Woodgrovebank domain. In Windows Explorer. Select all. 3. In the User name field. Browse to http://localhost/salessupport. type bob. Click OK two more times. and then click Paste. 19. In the Default domain and Realm fields. Browse to C:\inetpub\custerr\en-US. In the Password field. Notice that you get an HTTP 401. Notice that the Sales Support Resources page loads successfully. Note that detailed error messages show up locally by default. 16. 20. Note that Bob does not have a domain account in the Woodgrovebank domain. right-click and then click Copy. 12. right-click. Click Start | All Programs | Internet Explorer.Lab Answer Key: Configuring IIS 7. 17.aspx for 401 errors. 10. and Other_Errors. 18. type woodgrovebank. 15. Task 6: Configure custom error pages for 401. Leave the Password field blank and then click OK. type yvonne. 2. . 9. Note that you must close the browser to reset the session so you can try logging in as a different user. 13.

In the details pane. 15. delete the existing text and then type 401.aspx. Click OK twice. In Internet Information Services (IIS) Manager. 11. 5. Click Start | All Programs | Internet Explorer. 23. The Edit Custom Error Page dialog box appears. 18. Click Custom error pages. 6.aspx. click Edit. 10. Note that in a real world situation. under the Status Code column click 404. 21. Click Start | All Programs | Internet Explorer. 24. In the Actions pane. Leave the Password field blank and then click OK three times. Browse to http://localhost/salessupport. 14. delete the existing text and then type Other_Errors. The Windows Internet Explorer window opens. In the Actions pane. click 401. Click OK twice. type bob. 9. in the Connections pane. 13. 22. click Edit Feature Settings. click Edit. 19. double-click Error Pages. Browse to http://localhost/salessupport/brokenlink. The Set Localized Custom Error Path dialog box appears. In the User name field. 16. In the details pane. 8. In the Relative file path field. . Click Set. The Windows Internet Explorer window opens. In the Actions pane. The Edit Custom Error Page dialog box appears. The Edit Error Pages Settings box appears. Click OK. In the details pane. The Connect to localhost dialog box appears. click SalesSupport.6 Lab Answer Key: Configuring IIS 7. Notice that there is now a custom error message directing you to contact your district sales manager. under the Status Code column. 17. 7. 20. Click Set. In the Relative file path field. you would repeat these steps for each error that you wanted to assign to a custom error message. 25.0 Application Settings 4. Close Internet Explorer. 12. The Set Localized Custom Error Path dialog box appears.

In the User name field. configured Basic authentication. and verified custom error pages in Internet Explorer. this is a custom 404 error. Close Internet Explorer. Results: After this exercise. you should have successfully verified that the ASP. 28.Lab Answer Key: Configuring IIS 7. 27. and changes don’t seem to be taking effect.0 Application Settings 7 26. In the Password field. add the site to the allowed list. Notice that you get a custom error that is slightly different. type yvonne. type Pa$$w0rd and then click OK.NET role service is installed. be sure to clear the browser cache. Since the path “brokenlink” doesn’t exist. Tip: If you are having problems verifying your custom error settings. The Connect to localhost dialog box appears. If you are prompted. .

0.NET application development settings. Next you will create a custom control for testing the new configuration. you will learn how to configure ASP. You will need to enter the provided connection string. you will set some application settings and then verify that the application can read them by loading the custom test page. 2.NET Session State settings to rename the cookie to SalesSupport.NET Application Development Settings Scenario Next you will configure some test settings for the SalesSupport application.0 Application Settings Exercise 2: Configuring ASP. You will also rename the cookie that the page uses to SalesSupport. This exercise’s main tasks are: 1.0. The Enterprise Design team is planning on implementing a database to store the support resource data. Finally. Configure ASP. Add a custom control: Woodgrovebank.MDF.8 Lab Answer Key: Configuring IIS 7. 3. Configure ASP. .NET Connection Strings to connect to Resources.TestControls Version=1. Exercise Overview In this exercise.0 Add application settings at Site and Application levels. 4.

delete the existing text and then type SalesSupport_SessionID. 4.0 Application Settings 9 Task 1: Configure ASP. 6. in Internet Information Services (IIS) Manager. click SalesSupport. click Apply.0. 7. Click Custom. 2. 3. The Add Connection String dialog box appears. click Add.AttachDbFileName=e:\mod03\labfiles\resources. 3.TestControls Version=1. 4. 3. 2. In the Cookie Settings section. Task 3: Add a custom control: Woodgrovebank. click Register Controls. 2. double-click Pages and Controls.MDF 1. In the Actions pane. On NYC-WEB-A. In the details pane. double-click Session State.NET Connection Strings to connect to Resources. In the details pane.NET Session State settings to rename the cookie to SalesSupport 1. Click Add Custom Control. click SalesSupport. In the Action pane. double-click Connection Strings. . type LocalResources.Lab Answer Key: Configuring IIS 7. 5.IntegratedSecurity=True Click OK.0 1. mdf. Task 2: Configure ASP.0. In the Actions pane. In the Connections pane.\SQLEXPRESS. expand Sites | Default Web Site and then click SalesSupport. In the details pane. in the Connections pane. in the Name field. In the Name field. In the Custom field delete the existing text and then type data source=. 4. In the Connections pane.

click the Refresh button. Click Start | All Programs | Internet Explorer.aspx. 12.10 Lab Answer Key: Configuring IIS 7. The Windows Internet Explorer window opens. in the Connections pane. 6. In the Actions pane. 2. Browse to http://localhost/salessupport/test. Notice that the Woodgrove Bank Sales Application Settings Test Page opens. double-click Application Settings. Click OK. In Internet Explorer. click Default Web Site. Notice that it now reports “DefaultLocation = New York”. In the Tag prefix field type Woodgrovebank. Task 4: Add application settings at site and application levels 1. double-click Application Settings. 9. 8. type Pa$$w0rd and then click OK. 7. In the User name field. type TestControls. click Add. In the Value field. In the Password field.” 5. In the Name field. . 15. type DefaultLocation. 3. It should report “No Application Settings defined. In the Actions pane. type New York. Click OK. The Add Application Setting dialog box appears. type yvonne. In the Assembly field.0. 11.0 Application Settings 5. type Version=1. The Add Custom Control dialog box appears. click SalesSupport.0. Notice in the details pane that DefaultLocation is inherited. 13. In the details pane. In the Namespace field.0. 4. 7. 10. 14. 8. The Connect to localhost dialog box appears. In the details pane. In Internet Information Services (IIS) Manager. click Add. 6. In Internet Information Services (IIS) Manager. in the Connections pane.

NET development settings and verified test page functionality. you should have configured ASP. Notice that it now reports “DefaultLocation = New York” and “debug_mode = true”. 17. 18. This gives flexibility to the administrator to customize the application at deployment time. click the Refresh button. In the Value field. type debug_mode. 20.Lab Answer Key: Configuring IIS 7. 19. . Close Internet Explorer. Click OK. Results: After this exercise. Question: How might the application settings be used in real world Web applications? Answer: The application can customize content or actions based on the settings. The Add Application Setting dialog appears. In the Name field.0 Application Settings 11 16. In Internet Explorer. type true.

. 2. SalesSupport_De. 8. you will learn how to create an application pool. type SalesSupport. Configure application pool recycling for unlimited requests. Configure the SalesSupport .NET compilation debug setting to False.0 Application Settings Exercise 3: Configuring a Web Server to Host Multiple Applications with Separate Application Pools Scenario You will now deploy the SalesSupport application to two new instances. Another instance will be for the German division of Woodgrove and will need to be set for German globalization settings. 3. 7. Once instance will be a test deployment with additional testing configuration. Additionally. 3.12 Lab Answer Key: Configuring IIS 7. Configure the SalesSupport_Test application pool to record recycled events. SalesSupport_De. you will disable the debug mode for the production version of SalesSupport. Assign the applications to the appropriate application pools. and SalesSupport_Test. On NYC-WEB-A. and SalesSupport_Test 1. 6. Configure the SalesSupport_De application globalization settings for Germany. The Add Application Pool dialog box appears. This exercise’s main tasks are: 1. in Internet Information Services (IIS) Manager. click Add Application Pool. 4. In the Actions pane. Use XCopy to deploy the files from the SalesSupport directory to the SalesSupport_DE and SalesSupport_Test directories. 4. 5. in the Connections pane. Create the applications SalesSupport_De and SalesSupport_Test. Create three application pools named SalesSupport. Exercise Overview In this exercise. Click OK. Task 1: Create three application pools named SalesSupport. 2. click Application Pools. In the Name field.

3. In the Name field. The Browse For Folder dialog box appears. Type SalesSupport_Test and then click OK twice. and then click Make New Folder. 12. Click Add Application. In the Connections pane. 6. 6. Click OK. Type SalesSupport_De and then click OK twice. click Default Web Site. 10. 13. Next to the Physical path field. In the Name field. The Add Application dialog box appears. In the details pane. 2. click the Browse (…) button. notice that SalesSupport. In the details pane. and then click Make New Folder. click View Applications. Next to the Physical path field. SalesSupport_DE. 8. Browse to C:\inetpub\wwwroot.0 Application Settings 13 5. click Add Application Pool. The Add Application Pool dialog box appears. Browse to C:\inetpub\wwwroot. The Add Application Pool dialog box appears. 7. click Add Application Pool. In the Actions pane. . click the Browse (…) button. The Browse For Folder dialog box appears. type SalesSupport_Test. 7. In the Alias field. 11. 10. Click Add Application. type SalesSupport_Test. In the Alias field. 4. 8. 11. and SalesSupport_Test appear in the list of applications. Task 2: Create the applications SalesSupport_De and SalesSupport_Test 1. type SalesSupport_De. 5. type SalesSupport_De. 9. 9.Lab Answer Key: Configuring IIS 7. notice that SalesSupport. In the Actions pane. Click OK. The Add Application dialog box appears. and SalesSupport_Test appear in the list of application pools. In the Actions pane. SalesSupport_DE.

and then click OK twice. 5. 9. In the Application pool list. and then Backspace and change the last few characters of the previous command line to _Test. click /SalesSupport. In the Actions pane. 7. The Edit Application dialog box appears. in the Connections pane.0 Application Settings Task 3: Use XCopy to deploy the files from the SalesSupport directory to the SalesSupport_DE and SalesSupport_Test directories 1. Type xcopy /e SalesSupport\*. 5. The Edit Application dialog box appears. 6.* SalesSupport_De and then press Enter. 3. click SalesSupport_De. In the details pane. 11. In the details pane. Type cd \inetpub\wwwroot and then press Enter.14 Lab Answer Key: Configuring IIS 7. click SalesSupport. click View Applications. The Select Application Pool dialog box appears. click /SalesSupport_Test. 8. Click Start | Command Prompt. 3. In Internet Information Services (IIS) Manager. click Basic Settings. click /SalesSupport_De. In the details pane. click Basic Settings. 2. Type dir SalesSupport_De and then press Enter to confirm that the files were copied. In the Actions pane. The Select Application Pool dialog box appears. Task 4: Assign the applications to the appropriate application pools 1. Type dir SalesSupport_Test and then press Enter to confirm that the files were copied. and then click OK twice. 2. 4.* SalesSupport_Test and then press Enter. Click Select. Type xcopy /e SalesSupport\*. Click Select. 6. In the Application pool list. In the Actions pane. and then press Enter. click Default Web Site. Shortcut: Press Up Arrow twice. 10. 4. .

2. click Enable. click Disable. 13. Task 5: Configure production application pool recycling for unlimited requests 1. click Basic Settings. In the Application pool list. 22. In the Actions pane. click Application Pools. double-click Authentication. 19. In the Actions pane. In the Default domain and Realm fields. 15.0 Application Settings 15 12. click Basic Authentication. Click Select. and then click OK twice. In the details pane. 23. click Disable. In the details pane. Click Edit. Click OK. 21. click SalesSupport. click SalesSupport_Test. click SalesSupport_Test. Click Anonymous Authentication. 25. The Edit Basic Authentication Settings dialog appears. 28. Click Anonymous Authentication. type woodgrovebank. The Select Application Pool dialog box appears. Click Edit. 29. In the Connections pane. type woodgrovebank. In the Default domain and Realm fields. 18. In the details pane. In the Actions pane. 17. 20. click Basic Authentication. 16. 31. 14. double-click Authentication. The Edit Basic Authentication Settings dialog appears. Click OK. The Edit Application dialog box appears. In the details pane.Lab Answer Key: Configuring IIS 7. 26. 32. click Enable. click SalesSupport_De. . In the Actions pane. 24. In the Connections pane. 30. In the Actions pane. In the Connections pane. 27. In the details pane.

In the Connections pane. 3. Clear Regular time intervals check box. 6. 2. Click Finish. Click Finish. and then click Next. The Edit Application Pool Recycling Settings dialog box appears. On the Recycling Events to Log page. 9. 7. 8. Under Behavior. click Apply. click SalesSupport.NET Compilation. 3. In the Actions pane. and Configuration changes. click Recycling. In the Actions pane. In the details pane. Select Fixed number of requests. 4. 4. 6.NET compilation? . In the Actions pane. Task 6: Configure the SalesSupport_Test application pool to record recycled events 1.0 Application Settings 3. Click Finish. double-click . type 1024 and then click Next. In the details pane. The Edit Application Pool Recycling Settings dialog box appears. The Edit Application Pool Recycling Settings dialog box appears. 5. Question: What is the advantage of disabling the debug setting in . in the Debug list. click SalesSupport_De. 2. Task 7: Configure the SalesSupport . click Recycling. click False. Ondemand.16 Lab Answer Key: Configuring IIS 7. In the Fixed number of requests field. 5. In the Actions pane. In the details pane. Clear the Regular time intervals check box. click SalesSupport_Test. 4. and then click Next.NET compilation debug setting to False 1. click Recycling. select Number of requests.

click German (Germany) (de-DE). 6. The Task Manager window opens. 12. type Pa$$w0rd and then click OK. click Close Tabs. 17. 9. click German (Germany) (de-DE). Browse to http://localhost/salessupport.0 Application Settings 17 Answer: The compiled code will be smaller and faster without debug code. the cultural default for Germany. double-click . 13. click SalesSupport_De. 16. Close Task Manager. 14. . Click Start | All Programs | Internet Explorer. 5. notice that there are at least three instances of w3wp. The Connect to localhost dialog box appears. 2. Task 8: Configure the SalesSupport_De application globalization settings for Germany 1. In the Actions pane. Under the Image Name column. Right-click the notification area and then click Task Manager.mm. In the User name field. browse to http://localhost/salessupport_de/test.exe running. 8. 11. 4. Open a third tab and then browse to http://localhost/salessupport_de.aspx. In Internet Explorer. In the Connections pane. Click the Processes tab. 3. The Windows Internet Explorer window opens. It is a good idea to use this setting when an application is fully tested and deployed to final production.NET Globalization. click Apply. Notice that the date is now in dd. In the Password field. 15. indicating at least three separate application pools. type yvonne.yyyy format. 10. In the Internet Explorer dialog box. In the details pane. In the Culture list. Close Internet Explorer. Open a second tab in Internet Explorer and then browse to http://localhost/salessupport_test. In the UI Culture list. 7.Lab Answer Key: Configuring IIS 7.

0 Application Settings Results: After this exercise. configured recycling and debug settings. you should have successfully deployed multiple applications with separate application pools.Net globalization settings. and configured and verified . .18 Lab Answer Key: Configuring IIS 7.

4. click Generate Keys. 4. Task 1: Set the machine key of SalesSupport_de 1. Exercise Overview In this exercise. click Apply. click Medium (web_mediumtrust.NET security settings. In the Actions pane. click SalesSupport_Test. 2. In the details pane. In the details pane. double-click .NET Security Scenario Next. and File and Folder security. This exercise’s main tasks are: 1.aspx page on SalesSupport.NET Trust Levels. 3.0 Application Settings 19 Exercise 4: Configuring ASP. 2. In the Trust level list. In the Actions pane. On NYC-WEB-A. you will configure ASP. Configure File and Folder security so that only ITAdmins_WoodgroveGG can access the Test. 3. . 2. Configure the SalesSupport_Test site for medium trust level.config). 3. in Internet Information Services (IIS) Manager. in the Connections pane. Task 2: Configure the SalesSupport_Test site for medium trust level 1. you will configure the machine key.Lab Answer Key: Configuring IIS 7. double-click Machine Key. Enable Tracing and Logging for the SalesSupport_Test site. 5. click SalesSupport_De. . 4. Click Apply. Configure Request Filtering so that only ASPX requests are processed. Set the machine key of SalesSupport_de. In the Connections pane.NET trust level.

Click Users (NYC-WEB-A\Users). 5. In the Connections pane. type ITAdmins_WoodgroveGG. Computer. . Click Check Names. 13. or Group dialog box appears. select Allow. Computer. The test. or Group dialog box appears. 9.0 Application Settings Task 3: Configure File and Folder security so that only ITAdmins_WoodgroveGG can access the Test. Click Copy.aspx dialog box appears. 14. type Network Service. Clear the Include inheritable permissions from this object’s parent check box. The SalesSupport application pool is running under the Network Service account with pass-through authentication. In the details pane. and then click OK. The Permission Entry for test. In the Enter the object name to select field. 10. The Windows Security dialog box appears asking if you want to copy the inherited permissions. The Select User. 15. 4. 8. Click Add. and then click OK. 6.aspx dialog box appears. 2. 11. 3. click the Content View tab at the bottom of the window. Click Add. 19. 16. click Edit Permissions. In the Enter the object name to select field. Click the Security tab.aspx. 7. select Allow. click SalesSupport.aspx dialog box appears. we need to specifically allow the Network Service account. next to Full control. Click test. The Permission Entry for test. Click Check Names. Click Edit. In the Permissions section. The Select User. and then click Remove. In the Actions pane. next to Full control. 18. 17. Click OK.aspx Properties dialog box appears. Note that since we have removed Users.aspx page in SalesSupport 1. The Advanced Security Settings for test.20 Lab Answer Key: Configuring IIS 7. Click Advanced. In the Permissions section. 12.

modify the trace=”false” attribute to read trace=”true” so that the line reads: . and then click Add Role Services. browse to http://localhost/salessupport/test. Select Health and Diagnostics to select all of the Health and Diagnostics services. Close Internet Explorer. Click test. 9. 2. 6. In the first line of the file. 24. When the installation completes. 27.aspx. Click Next. In Server Manager. Note that Betsy is a member of the ITAdmins_WoodgroveGG security group.aspx. In the Password field. click Open. and then click Install. In Internet Explorer. expand Roles and then click Web Server (IIS).Lab Answer Key: Configuring IIS 7. Click Start. 7. 11. The Notepad window opens. Notice that Yvonne no longer has access to test. type Pa$$w0rd and then click OK. Click OK four times. click All Files. Browse to C:\inetpub\wwwroot\SalesSupport_Test. In the User name field. type Notepad and then press Enter. and then click Open. 28. 4. Click the Refresh button. 23. 10. type betsy. Click OK two more times. In the Password field. 22. 25. in the console pane. The Add Role Services dialog box appears. type Pa$$w0rd and then click OK. 21. type yvonne.0 Application Settings 21 20. 26. click Close. 5. The Connect to localhost dialog box appears. Task 4: Enable Tracing and Logging for the SalesSupport_Test site 1. Right click Web Server (IIS). The Open dialog box appears. On the File menu.aspx. In the User name field. 8. 3. Notice that Betsy has access to the page. In the Text Documents list. The Connect to localhost dialog box appears.

If the Connect to localhost dialog box appears. On the File menu. in the User name field. 16. browse to http://localhost/salessupport_test/test. click Add.22 Lab Answer Key: Configuring IIS 7. 13.aspx file. In the Password field. Notice that the warning message is red. click Failed Request Tracing. in the Connections pane. Select Enable. 24.aspx. 19. Question: How would an application use tracing? Answer: A developer can add trace commands to the Web application code to record information that can be used for debugging and monitoring. close and reopen IIS Manager for the added Health and Diagnostics features to appear. double-click Failed Request Tracing Rules. In the Trace Information section. On the fifth line of the file. In Internet Information Services (IIS) Manager.0 Application Settings <@ Page Language=”C#” trace=”true” %> 12. 18. Scroll down and notice that the trace information appears at the bottom of the page. In the Actions pane. In Internet Explorer. 22. The Edit Web Site Failed Request Tracing Settings dialog box appears. If Failed Request Tracing does not appear. type Pa$$w0rd and then click OK. the next to last lines contain the trace messages from the test. Close Notepad. In the Actions pane. and then click OK. type betsy. type This message should appear between the double quotes. click Save. so that the line reads: Response. .Write(“This message should appear”). Close Internet Explorer. 15. 21. 23. The administrator has the ability to enable or disable tracing as needed. Notice that This message should appear appears at the top of the page. 25. 20. In the details pane. 17. click Default Web Site. 14.

28. Under Verbosity.NET (*. Task 5: Configure Request Filtering so that only ASPX requests are processed 1.” appears. 34. 39. 38. In Internet Explorer. clear all check boxes except Page. . notice that it is set to Verbose. 32. Click OK. 40. 41. 43. The Add Failed Request Tracing Rule wizard appears. Click ASPNET. On the Specify Content to Trace page. click ASP. In Internet Explorer. In the Password field. and then click Next. under Providers. 30. 29. click All Files. On the Define Trace Conditions page. 44. 35. 27. 37. 33. The failed request log opens. type Pa$$w0rd and then click OK. 36.xml file.aspx). Click Finish. browse to http://localhost/welcome. In the Errors and Warnings section.0 Application Settings 23 26. and then click Open. Authentication is Basic. 42. click Expand All. Click Browse. Notice in the Request Summary section the details of the request: App Pool is SalesSupport_Test. If there is more than one.aspx. type betsy. If the Connect to localhost dialog box appears. Press CTRL + O. User from token is WOODGROVEBANK\betsy. in the Status code(s) field. click the most recent fr######. The Open dialog box appears. in the User name field. In the HTML Files list. clear all check boxes except ASPNET. Under Areas. Notice that the warning “This is a warning. browse to http://localhost/salessupport_test/test. 31. type 200 and then click Next.Lab Answer Key: Configuring IIS 7. Browse to C:\inetpub\logs\FailedReqLogFiles\W3SVC1.png. On the Select Trace Providers page.

click All Files. type Notepad and then press Enter. such as . Click web. On the File menu. 9.7 appears.png. press Enter and then add the following security section: <security> <requestFiltering> <fileExtensions allowUnlisted="false" > <add fileExtension=".24 Lab Answer Key: Configuring IIS 7.0 Application Settings Notice that the IIS7 graphic appears. Notice that the IIS7 Welcome page appears. 13. and then click Open. . Browse to http://localhost/iisstart. Detailed error messaging states that “The request filtering module is configured to deny the file extension”. Click Start. 16.WMA? Answer: Set the allowUnlisted property to “true”. 5. 4. 11.htm.aspx" allowed="true"/> </fileExtensions> </requestFiltering> </security> Question: How could you disable only certain extensions. After the sixth line. 10. Close Internet Explorer. <system. Browse to C:\inetpub\wwwroot. On the File menu click Open. Click Start | All Programs | Internet Explorer. Close Notepad. Browse to http://localhost/iisstart. The Open dialog box appears.MP3 and . In the Text Documents list. 14.config. 7. 3. 12. click Save. The Windows Internet Explorer window opens. The Notepad window opens. 6. Add the unallowed file extensions and set their allowed properties to “false”. Notice that HTTP Error 404. 2.htm. 8. Browse to http://localhost/welcome.webServer>. Click Start | Command Prompt. 15. Notice the same error.

aspx and then press Enter. you should have successfully configured and verified the configuration of the advanced security settings for ASP. Type dir.0 Application Settings 25 17. Note: After you have completed the lab exercises closing the VM’s and selecting undo disk is not required for hosted labs. 21. Close each of the running virtual machines. browse to http://localhost/iisstart. Do not save changes so they are reset to default for the next lab.aspx. Results: After this exercise.Lab Answer Key: Configuring IIS 7. Click the Quit button to exit.aspx. 18. . Type cd \inetpub\wwwroot and then press Enter.htm *. In Internet Explorer. Notice that the page with the aspx extension loads without error but the image still does not display.NET. 20. and then press Enter and notice that the file was copied it iisstart. 19. Type copy iisstart.

0 Modules Contents: Exercise 1: Configuring and Editing Native Modules Exercise 2: Configuring and Editing Managed Modules 2 7 .Lab Answer Key: Configuring IIS 7.0 Modules 1 Module 4 Lab Answer Key: Configuring IIS 7.

7. Validate that the modules have been removed and test the new server configuration. Note: If you have already logged on to a virtual machine. Exercise Overview In this exercise. This exercise’s main tasks are: 1. 2.2 Lab Answer Key: Configuring IIS 7. Start the 6427A-NYC-WEB-B virtual machine and log on as Woodgrovebank\Administrator.0 Modules Lab: Configuring and Editing Modules Logon Information: • • • Virtual Machine: NYC-WEB-B User Name: Woodgrovebank\Administrator Password: Pa$$w0rd Estimated time: 60 minutes Exercise 1: Configuring and Editing Native Modules Scenario You received a service request from the application development team specifying the modules that are required to install. Backup the current Web server configuration. 4. 6. 3. and run an application on the specified web server. Restore the modules to the Web server configuration. you must remove the unnecessary modules. test. you will learn how to remove native modules from a Web server to improve security and reduce the server footprint. Remove the Default Document Module and the Directory Listing Module. Validate that the modules have been restored and test the server configuration. . Examine the modules currently installed on the Web server. skip the logon task for that particular virtual machine. 5. To reduce the server footprint and vulnerability.

In the details pane. 1. In the details pane. In the Group by list. in the Server Components section. click Module Type.0 Modules 3 Task 1: Start the 6427A-NYC-WEB-B virtual machine and log on as Woodgrovebank\Administrator 1. Notice that the AppCmd completes the backup and reports BACKUP object "original" added. click NYC-WEB-B. next to 6427A-NYC-WEB-B. click Launch. Task 2: Backup the current Web server configuration. 4. Click Start | Administrative Tools | Internet Information Services (IIS) Manager. 6.Lab Answer Key: Configuring IIS 7. In the Connections pane. Log on to NYC-WEB-B as Woodgrovebank\Administrator with the password of Pa$$w0rd. 2. 2. Close the Server Manager and click Start | Command Prompt. in the Group by list. 3. if Server Manager opens. On the Lab Launcher. click Category. double-click Modules. Type cd \windows\system32\inetsrv\ and then press Enter. Task 3: Examine the modules currently installed on the Web server 1. Question: What do the DefaultDocumentModule and DirectoryListingModules do? . where are the backup configuration file placed? Answer: In a new folder. Question: When using the appcmd add backup command. 5. 3. Type appcmd add backup original and then press Enter. 5. Notice that the DefaultDocumentModule and the DirectoryListingModule entries are listed in the Native Modules section. 4. in the C:\Windows\System32\inetserv\backup\ folder. 2. On NYC-WEB-B.

Find the <globalModules> section.dll" /> 8. 9. double-click applicationHost. Task 4: Remove the Default Document Module and the Directory Listing Module 1.webServer> section. when a folder or directory is specified by the URL. click Browse *:80(http). 5. In the details pane.DirectoryListingMod ule" resourceType="Either" requireAccess="Read" /> With the line: <add name="StaticFile" path="*" verb="*" modules="StaticFileModule" resourceType="Either" requireAccess="Read" /> . 4. 2. The Windows Internet Explorer window opens. 3.DefaultDocumentModule. Notice that the Woodgrove Bank page opens as expected. In the Actions pane.4 Lab Answer Key: Configuring IIS 7. The Notepad window opens. In the Connections pane.config. Click Start | Computer and then browse to C:\windows\system32\inetsrv\config\. 7.0 Modules Answer: The DefaultDocumentModule offers the functionality of offering the Web browser a default file when a specified folder or directory is specified by the URL. Scroll down to the bottom of the file and find the <system. expand NYC-WEB-B | Sites. 6. Script"> tag by replacing: <add name="StaticFile" path="*" verb="*" modules="StaticFileModule. and then click Default Web Site. Delete the DefaultDocumentModule and the DirectoryListingModule entries from within the <globalModules> tag by deleting these two lines: <add name="DefaultDocumentModule" image= "%windir%\System32\inetsrv\defdoc.dll" /> <add name="DirectoryListingModule" image= "%windir%\System32\inetsrv\dirlist. The DirectoryListingModule will supply the Web client with a list of the folder contents. Delete the references to the DefaultDocumentModule and the DirectoryListingModule from within the <handlers accessPolicy="Read.

In Internet Information Services (IIS) Manager. complete with a file name. in the Server Components section. click the Refresh button. In Internet Explorer. On the File menu. type appcmd restore backup original and then press Enter. Notice that the AppCmd completes the restore and reports that the original configuration has been restored. Task 5: Validate that the modules have been removed and test the new server configuration 1. In Internet Explorer. in the Connections pane. Delete the DefaultDocumentModule and the DirectoryListingModule entries from within the <modules> tag. . default. even though Internet Explorer indicates that it is done loading. browse to http://localhost/default. In the details pane. 2. Delete the two lines: <add name="DefaultDocumentModule" lockItem="true" /> <add name="DirectoryListingModule" lockItem="true" /> 11. 3. then the Web server will return that file to the Web client. 5. if available.Lab Answer Key: Configuring IIS 7. Question: Why did the Web page get restored after the file name.0 Modules 5 10. Close Notepad. Notice that the Web page is now blank. So if a full URL is specified. click NYC-WEB-B. notice that the DefaultDocumentModule and the DirectoryListingModule entries are gone. Task 6: Restore the modules to the Web server configuration • In the Command Prompt. click Save. 12. Notice that the Web page loads after you specify the default document. In the Native Modules section. 4.aspx was added to the URL? Answer: The Web server is still completely operational. double-click Modules.aspx. but no longer offers default documents or directory browsing.

and then click Refresh Notice that the page once again loads properly from the default document. 7.0 Modules Question: After the AppCmd completes the restore. Close Internet Explorer. Task 7: Validate that the modules have been restored and test the server configuration 6. where does it restore the configure files to? Answer: The files are restored to the C:\Windows\System32\inetsrv\config folder. and then confirmed that the server operates as expected. . Results: After this exercise.6 Lab Answer Key: Configuring IIS 7. Use IE to browse to http://localhost/. you should have successfully removed native modules from a Web server.

The logs Properties dialog box appears. you will learn how to add new managed modules to a Web server. Examine the modules currently running on the Web server. 2. 5. Right-click logs. 4. Browse to C:\inetpub\logging_module\logs\.Lab Answer Key: Configuring IIS 7. Click the Security tab. it has been determined that output caching would be beneficial on some of the applications on the web server. and then click New | Folder. 9. Test the new configuration. Right-click inetpub.0 Modules 7 Exercise 2: Configuring and Editing Managed Modules Scenario To increase throughput. Confirm the installation of the logging managed module. 2. . In Windows Explorer. then right-click and then click Copy. Install the logging managed module. Task 1: Install the logging managed module 1. Select all. Click Edit. 6. The development team also requested the installation of a new Managed Module that provides an additional level of logging for their application. 3. Type logging_module and then press Enter. This exercise’s main tasks are: 1. and then click Paste. 5. Remove the forms authentication managed module. right-click. and then click Properties. 8. 4. Exercise Overview In this exercise. Test the Web site forms authentication functionality. Browse to E:\Mod04\Labfiles\logging_module. browse to C:\inetpub\. 6. You need to make sure that the Output Cache module is installed and configured as specified in the service request. Browse to C:\inetpub\logging_module. 7. 10. 3.

next to Modify. Notice the log entries for http://localhost:8181/default. In the Actions pane.txt. 4. In the Actions pane. click logging_module. Click Cancel. 5. Double-click [yyyymmdd]. The Edit Managed Module dialog box appears. select Allow. in the Connections pane. click Add Web Site. 3. 2. In Windows Explorer. The Add Web Site dialog box appears. double-click Modules.0 Modules 11. In Internet Information Services (IIS) Manager. Click Go on to Second Page. 18. In the Actions pane. click Browse *:8181 (http). Task 2: Confirm the installation of the logging managed module 1. 6. In the Site name field. click Edit. type 8181. 12. click Users (NYC-WEB-B\Users). In the Physical path field. in the Server Components section. 16. 8. type logging_module. The Notepad window opens.8 Lab Answer Key: Configuring IIS 7. Notice that the second page loads. 10. Notice that the type is listed as HttpLogger. Close Internet Explorer. In the Permissions for Users box. 15. Click OK. 9. In Internet Information Services (IIS) Manager. click Sites. 13. type C:\inetpub\logging_module. In the Managed Modules section. In the details pane. In the Port field. click Logger.htm. 11. 14. 7. . 12.aspx and http://localhost:8181/second_page. The Permissions for logs dialog box appears. Click OK twice. in the Connections pane. 17. browse to C:\inetpub\logging_module\logs. In the Group or user names section. 19. The Windows Internet Explorer window opens.

in the Connections pane. type Pa$$w0rd.com. 3. 5. In the Email field. double-click Modules. in the Connections pane. 11. 4. click Browse *:80 (http). Click Woodgrove Confidential Memo. click Edit. 5. In the Actions pane.Lab Answer Key: Configuring IIS 7. Click Signout. Close Notepad. In Internet Information Services (IIS) Manager. Notice that the image representing the Woodgrove Confidential Memo appears. click No. Task 4: Examine the modules currently running on the Web server 1. 2. The logging_module web site was configured to use port number 8181. 7.0 Modules 9 Question: Why does the log file entries have the numbers 8181 listed? Answer: The logging module records the complete URL of the requested Web site files. Click Login. If you get the AutoComplete Passwords dialog box. 8. click NYC-WEB-B. Click the Back button. type lmartin@woodgrovebank. 10. 4. In the details pane. Notice that the module is configured properly and is set to run normally. 13. in the Server Components section. Task 3: Test the Web site forms authentication functionality 1. 9. In the Password field. 2. . click OutputCache. The Edit Managed Module dialog box appears. Click Home. In the Actions pane. which is a secondary Web site port. Click Shared Documents. In the Managed Modules section. click Default Web Site. 3. In the Internet Information Services (IIS) Manager window. 6. The Windows Internet Explorer window opens.

2. Close each of the running virtual machines. Question: Why is the Access denied error message displayed at this point? Answer: The Access is denied error message indicates that the logon failed because the forms authentication module has been removed. Click the Quit button to exit. click Default Web Site. Note: After you have completed the lab exercises closing the VM’s and selecting undo disk is not required for hosted labs. 4. 2. you should have successfully added a managed module to the Web server. Task 6: Test the new configuration 1. click Remove. Do not save changes so they are reset to default for the next lab.0 Modules 6. Task 5: Remove the forms authentication managed module 1. Results: After this exercise. Click Cancel. click FormsAuthentication. click Shared Documents. in the Server Components section. 5. double-click Modules. 3.10 Lab Answer Key: Configuring IIS 7. Click Yes. In the Actions pane. The Confirm Remove dialog box appears. In the Internet Explorer window. In the details pane. . In the Connections pane. In the Managed Modules section. indicating that the logon failed because the forms authentication module has been removed. Notice that you now get Access is denied error message.

0 Web Server and Web Sites 1 Module 5 Lab Answer Key: Securing the IIS 7.Lab Answer Key: Securing the IIS 7. and Access Exercise 3: Configure Logging 2 8 15 .0 Web Server and Web Sites Contents: Exercise 1: Configure a Secure Web Server Exercise 2: Configure Authorization. Authentication.

1 Aspnet_isapi. NYC-WEB-B User Name: Woodgrovebank\Administrator Password: Pa$$w0rd Estimated time: 60 minutes Exercise 1: Configure a Secure Web Server Scenario Additional security measures need to be put in place to protect the Web server. Herbert Dorner.0 Web Server and Web Sites Lab: Securing the IIS 7.2 Lab Answer Key: Securing the IIS 7. Start the exercise by creating a self-signed server certificate. You must run the . These measures will protect the web server against unauthorized access by specific IP addresses and domains. You can follow these steps to set the ASP. Additional ISAPI and CGI restrictions need to be put into place.1 and that is configured to use ISAPI mode to process requests made to applications in the application pool.NET Framework 1. Start the 6427A-NYC-DC1 virtual machine. Finally. as specified in the service request document. You will then need to set the IP restrictions as outlined in the service request. This exercise’s main tasks are: 1. Then you are given a list of accounts authorized for a specific site. you have to create an application pool that uses .dll on your Web server.NET Framework 1. you will be supplied the service request document and the Active Directory account list.NET ISAPI to Allowed in the ISAPI and CGI Restrictions list.0 Web Server and Web Sites Logon Information: • • • Virtual Machine: NYC-DC1. set the Active Directory permissions. You must give separate access to the IT Admin group and the developer. Then set ISAPI and CGI restrictions. Exercise Overview In this exercise. . Finally.

click Create Self-Signed Certificate. double-click Server Certificates.NET version 1. click Start | Administrative Tools | Internet Information Services (IIS) Manager. On the Lab Launcher. click NYC-WEB-B.0 Web Server and Web Sites 3 2. Validate the new configuration. Log on to NYC-WEB-B as Woodgrovebank\Administrator with the password of Pa$$word. skip the logon task for that particular virtual machine. 6. 4. 1.NET Framework 1. 2. click Launch. in the Group by list. . 2.1. click Category. On NYC-WEB-B. Set ISAPI and CGI restrictions to use ASP.Lab Answer Key: Securing the IIS 7. Create a self-signed server certificate for the Web server. Block IP addresses as specified in the service request. 3. 4. In the details pane. Install the . Examine the current ISAPI and CGI Restrictions. 5. click Launch.1. 9. next to 6427A-NYC-DC1. 5. In the Actions pane. Note: If you have already logged on to a virtual machine. next to 6427A-NYC-WEB-B. Task 3: Create a self-signed server certificate for the Web server 1. In the Connections pane. 8. 7. In the details pane. Task 1: Start the 6427A-NYC-DC1 virtual machine • On the Lab Launcher. in the Security section. Start the 6427A-NYC-WEB-B virtual machine and log on as Woodgrovebank\Administrator. 3. Task 2: Start the 6427A-NYC-WEB-B virtual machine and log on as Woodgrovebank\Administrator. Set the rights and permissions for Active Directory users.

Task 4: Block IP addresses as specified in the service request 1. In the Mask field. 7.20.1. Notice that the new IP restrictions have been added to the list. you may not be able to trust the source. Question: When would you want to use this feature to block IP addresses? .10. 7.255.10. Click OK. The Add Deny Restrictions Rule dialog box appears. The Create Self-Signed Certificate dialog box appears. 8.4 Lab Answer Key: Securing the IIS 7. 10. although the data is secure. 3.255.10. type 10. Click IPv4 address range. The primary disadvantage of using self-signed certificates is that when used for public access. i. the user has no way to validate the authenticity of the certificate owner.e. 2. self-signed certificates have no financial cost associated with them. Question: What are the advantages and disadvantages of using self-signed certificates? Answer: The primary advantages of using a self-signed certificate are that it provides a secure method of transferring data. type 255. This implies that there is no reputable 3rd party verifying the certificate owner. Notice that the new self-signed certificate has been added to the certificate list. 6. 5. In the Connections pane.0. In the IPv4 address range field. In the details pane. click NYC-WEB-B.0. In the Specify a friendly name for the certificate field. type 10. click Add Deny Entry. 9. Unlike certificates offered by 3rd parties. So. double-click IPv4 Address and Domain Restrictions. if used for personal use. type woodgrovebank. In the Specific IPv4 address field. Click OK.0 Web Server and Web Sites 6. in the Security section. In the Actions pane. The Add Deny Restrictions Rule dialog box appears. Click OK. In the Actions pane. They provide a good solution for securing Web data transfer or personal information. 4. click Add Deny Entry.

Lab Answer Key: Securing the IIS 7.0 Web Server and Web Sites 5 Answer: An organization may want to block malicious users or restrict access from a certain domain or location. .

50727 are the only applications currently listed. In the Connections pane. 6. click Edit.1 Setup dialog box appears.0. asking you to agree to the license agreement. 5.NET v2.1 Setup dialog box appears. in the Security section.0 Web Server and Web Sites Task 5: Examine the current ISAPI and CGI Restrictions 1. Double-click dotnetfix. The Edit ISAPI or CGI Restriction dialog box appears.1 1. While it’s not a recommended practice. description. Click I agree. 2. click OK. 3. . 5. click Edit Feature Settings. When the installation is complete. you can easily allow unspecified CGI and ISAPI modules. 8.exe. The Microsoft . The Microsoft . 3. 2. Click Install. Notice that you can easily edit the ISAPI or CGI path. 4. Notice that Active Server Pages and ASP. In the Action pane. The Edit ISAPI or CGI Restrictions Settings dialog box appears. 8.1sp1-KB867460-X86. confirming if you want to install the . Note that it may take about four minutes to complete.NET Framework 1.NET Framework 1. 6. in the details pane.1 Service Pack 1 (KB867460) dialog box appears. click NYC-WEB-B. Click Start | Computer and then browse to E:\ Mod05\Labfiles. Click Cancel.NET Framework 1. 7. click Active Server Pages. 4. double-click ISAPI and CGI Restrictions.6 Lab Answer Key: Securing the IIS 7. In the details pane. double-click NDP1. The Microsoft . 7.exe. In the details pane. In the Windows Explorer window. 9. In the Actions pane. Task 6: Install the . Click Cancel.NET Framework 1.NET Framework package. Click OK. confirming if you want to install the Service Pack. Click Yes. and execution allow.

1 application pool has been added and started. then in the Location tree. 6. in the Security section. In the Actions pane. Note that it may take about two minutes to complete.0 Web Server and Web Sites 7 9. 5.1 1. If WoodgroveBank. Click Locations. The Locations dialog box appears.NET v1. 2. In Internet Information Services (IIS) Manager. The Edit ISAPI or CGI Restriction dialog box appears. Task 7: Set ISAPI and CGI restrictions to use ASP. click Edit.com. click ASP. 6.Lab Answer Key: Securing the IIS 7. or Groups dialog box appears. Computers. asking you to agree to the license agreement. In the details pane. In the details pane.NET v1. Click I accept. Click the Security tab. Right-click wwwroot and then click Properties.com is not already highlighted. 4. ensure that NYC-WEB-B is already expanded. in the Connections pane. 10. 4. 7. Click OK. click NYC-WEB-B. and then click OK. Click Add. Notice that the ASP. click WoodgroveBank.4322. Select Allow extension path to execute. When the installation is complete. The Permissions for wwwroot dialog box appears.NET v1.NET version 1. 3. 2. browse to C:\inetpub\. Notice that the ASP.1.NET Framework 1. 8. . 5. The Select Users. In the Connections pane. The Microsoft . Task 8: Set the rights and permissions for Active Directory users 1.1.1 Service Pack 1 (KB867460) License Agreement dialog box appears. click OK. 3. double-click ISAPI and CGI Restrictions. The wwwroot Properties dialog box appears. In Windows Explorer. and then click Application Pools. Click Edit.4322 has been added.

as specified in a service request document . List folder contents. Click Add. List folder contents. you should have successfully set IP restrictions. 11. Next to Full control. 10. Notice that the Read & execute. 12. 3. In the Enter the object names to select field. In the Group or user names field click ITAdmins_WoodgroveGG. and Active Directory permissions. Click OK. and Read options are allowed. Notice that the all the options are allowed. 2. type ITAdmins_WoodgroveGG and then click Check Names. Click OK. Computers. 14. In the Group or user names field click Herbert Dorner. In the Enter the object names to select field. Task 9: Test and validate the new configuration 1. 15. 13. Notice that the Read & execute. The Select Users. and Read options are allowed. Click OK.0 Web Server and Web Sites 9. Results: After this exercise.8 Lab Answer Key: Securing the IIS 7. or Groups dialog box appears. ISAPI and CGI restrictions. Click OK. select Allow. type Herbert and then click Check Names.

You must configure the protected content to use the managed forms authentication module.config file to protect all content by removing the managedHandler precondition from the <system. 7.NET application pool to Integrated mode. you must reconfigure authentication and authorization so that shared documents folder on the Web server is fully protected by forms authentication.Lab Answer Key: Securing the IIS 7.config <applicationPools> section to change the Classic .webServer> section. On NYC-WEB-B. 4. This exercise’s main tasks are: 1. Task 1: Turn off the Web site cache for the shared documents folder 1.0 Web Server and Web Sites 9 Exercise 2: Configure Authorization. ensure NYC-WEB-B | Sites | Default Web Site | docs is expanded.config file to disable all other authentication types except for anonymous. by entering the direct URL path and file name. Sign into the Woodgrove Bank Web site and retrieve the confidential memo. such as a jpg. Authentication and Access Scenario Additional security measures need to be put in place to protect the Web server. Turn off the Web site cache for the shared documents folder. Exercise Overview In this exercise. Test and validate the new Web site configuration. 5. . An application is protected with forms authentication. Modify the applicationHost. Reconfigure the authorization and authentication so that the protected content uses forms authentication. 3. Modify the applicationHost. 8. Modify the applicationHost.config to unlock the URL Authorization <configSections> section by changing the override mode default to allow. Bypass the Web site forms authentication. 6. but it is discovered that some of the content can bypass forms authentication and still be accessed. in Internet Information Services (IIS) Manager. 9. and then click shared. 2. in the Connections pane. Modify the applicationHost.

Click Signout. click Default Web Site. type Cache-Control. in the Connections pane. Click the Back button. Click Woodgrove Confidential Memo. Click Login. In the Name field. in the HTTP Features section.com. double-click HTTP Response Headers. 4. . 9. 8. 3. type no-cache and then click OK. 7. 5. type Pa$$w0rd. 10.0 Web Server and Web Sites 2. In the details pane. In Internet Information Services (IIS) Manager. 2. 3. The Windows Internet Explorer window opens. click Browse *:80 (http). In the Actions pane. 5. In the Email field. Task 2: Sign into the Woodgrove Bank Web site and retrieve the confidential memo 1. If you get the AutoComplete Passwords dialog box. In the Password field. In the Actions pane. In the Value field. 4. The Add Custom HTTP Response Header dialog box appears. type lmartin@woodgrovebank. click No.10 Lab Answer Key: Securing the IIS 7. 6. Notice that the image representing the Woodgrove Confidential Memo appears. click Add. Click Shared Documents.

Find the <configSections> section.0. System. 2. Click the Back button. Find: <section name="authorization" overrideModeDefault="Allow" /> And replace it with: <section name="authorization" type="System. Do this by modifying the authorization section indicated on the next step. PublicKeyToken=31bf3856ad364e35" overrideModeDefault="Allow" /> .0 Web Server and Web Sites 11 Task 3: Bypass the Web site forms authentication 1. culture=neutral.0. 3.UrlAuthorizationSection. In Windows Explorer. Task 4: Modify the applicationHost.Configuration. In Internet Explorer. double-click applicationHost. browse to http://localhost/docs/shared/Woodgrove_memo.config to unlock the URL Authorization <configSections> section by changing the override mode default to allow 1. In the details pane. Question: Why is the confidential memo being displayed even after the user logs out? Answer: The Web site and directory are not fully protected by forms authentication. browse to C:\windows\system32\inetsrv\config. Unlock the URL Authorization section by changing the override mode default to 'allow'.ApplicationHost.Lab Answer Key: Securing the IIS 7.WebServer. 2.0. Notice that the image representing the Woodgrove Confidential Memo appears.config. Version=7.jpg.

Append: enabled="false" To: clientCertificateMappingAuthentication. digestAuthentication.config file to protect all content by removing the managedHandler precondition from the <system. Task 7: Modify the applicationHost.0 Web Server and Web Sites Task 5: Modify the applicationHost.NET application pool to Integrated mode • Change the Classic . and then modifying the lines indicated on the next steps. and windowsAuthentication.Security.webServer> section 1.Web.12 Lab Answer Key: Securing the IIS 7. 2. . Replace: <add name="FormsAuthentication" type="System.config <applicationPools> section to change the Classic .FormsAuthenticationModule" preCondition="managedHandler" /> 2.NET application pool to Integrated mode by finding the <applicationPools> section and replacing: <add name="Classic .config file to disable all other authentication types except for anonymous 1.NET AppPool" managedPipelineMode="Integrated" /> Task 6: Modify the applicationHost. iisClientCertificateMappingAuthentication. Do this by finding the <system.NET AppPool" managedPipelineMode="Classic" /> With: <add name="Classic .webServer> section. Remove the preconditions for FormsAuthentication and DefaultAuthentication from the modules section. Find the <authentication> section.

2. Find the line <authorization> section. 5. On the File menu.Web. 7. click Save. 6. Replace <add name="DefaultAuthentication" type="System. Close Notepad.Config. double-click Web. 9.Security. changing it to <deny users="?" />. above the line <!--<deny users="?" />-->. click shared. Add the line <allow users="lmartin@woodgrovebank. click Disable. Close Notepad.DefaultAuthenticationModule" preCondition="managedHandler" /> With: <add name="DefaultAuthentication" type="System. On the File menu. click Save. 8.Web.0 Web Server and Web Sites 13 With: <add name="FormsAuthentication" type="System.FormsAuthenticationModule" /> 3. 11.DefaultAuthenticationModule" /> 4. 10. In the Actions pane. . Task 8: Reconfigure the authorization and authentication so that the protected content uses forms authentication 1. 5. 3. In the details pane. In the details pane. in the Security section. Remove the commenting brackets from the line <!--<deny users="?" />-->. In Windows Explorer. browse to C:\inetpub\wwwroot. In Internet Information Services (IIS) Manager. Click Anonymous Authentication.com" />. in the Connections pane. double-click Authentication.Web. The Notepad window opens. 4.Security.Lab Answer Key: Securing the IIS 7.Security.

Notice that you are redirected to the login page and that proper authentication is now required to access the Woodgrove Memo file. . In Internet Explorer.com.14 Lab Answer Key: Securing the IIS 7. the only way to obtain the memo is by having the correct credentials. 5. 3. type lmartin@woodgrovebank.0 Web Server and Web Sites Task 9: Test and validate the new Web site configuration 1. 6. In Internet Explorer. Click Signout. in the Email field. Click the Back button. Click Login. Click Woodgrove Confidential Memo. 2. 7. Results: After reconfigure the Web site’s authorization and authentication. type Pa$$w0rd.jpg. browse to http://localhost/docs/shared/Woodgrove_memo. 4. In the Password field. so that all content uses forms authentication and thereby protecting the confidential memo.

3. 2. double-click Logging. Examine and configure logging options. you must configure and test Web site logging operations. Select Use local time for file naming and rollover. 2. In the details pane. . You received a service request to keep a log of all visitors to the web server for the past 24 hours.Lab Answer Key: Securing the IIS 7. 4. On NYC-WEB-B. In the Actions pane. click Apply. Notice that the Log File Rollover Schedule is set for Daily. Test the logging operations. Exercise Overview In this exercise. in Internet Information Services (IIS) Manager. You must enable and configure logging and then test and verify the log. This exercise’s main tasks are: 1. click NYC-WEB-B. in the Health and Diagnostics section. 5.0 Web Server and Web Sites 15 Exercise 3: Configure Logging Scenario Additional security measures need to be put in place to protect the Web server. in the Connections pane. Task 1: Examine and configure logging options 1.

. Do not save changes so they are reset to default for the next lab. Notice the most recent log entries at the bottom of the log. In the details pane.” Question: What does the word “GET” mean in this log file? Answer: The GET commands indicate requests from the client to the Web server to retrieve the Web pages and images. Close each of the running virtual machines. Results: After examining the configuration of the Web server’s logging settings.0 Web Server and Web Sites Task 2: Test the logging operations 1. In Internet Explorer. Note: After you have completed the lab exercises closing the VM’s and selecting undo disk is not required for hosted labs. 3. 4. 2. the current log file was examined and proven to successfully track the Web server’s activity. click the Refresh button.16 Lab Answer Key: Securing the IIS 7. Notice that the log entries include a number of lines with the word “GET. Click the Quit button to exit. In Windows Explorer. browse to C:\ inetpub\logs\LogFiles\W3SVC1. double-click the newest log file.

Lab Answer Key: Configuring Delegation and Remote Administration 1 Module 6 Lab Answer Key: Configuring Delegation and Remote Administration Contents: Exercise 1: Configuring Remote Administration Exercise 2: Configuring Delegated Administration Exercise 3: Configuring Feature Delegation 2 6 11 .

Exercise Overview In this exercise you will practice configuring a Web server for remote administration. A new site has been set up and you have been asked to delegate the administration of the site to the business owner.2 Lab Answer Key: Configuring Delegation and Remote Administration Lab: Configuring Delegation and Remote Administration Logon Information: • • • Virtual Machine: NYC-DC1. NYC-WEB-B User Name: Woodgrovebank\Administrator Password: Pa$$w0rd Estimated time: 60 minutes Note: If you have already logged on to a virtual machine. You will need to give the business owner permission to administer their site only. You must unlock the error page feature so that it can be delegated. . but not the other sites hosted on the server You have been assigned a service request to allow all site owners to administer the error messages for their site. skip the logon task for that particular virtual machine. You must enable remote administration and then test it by accessing the administration features from a remote computer. Exercise 1: Configuring Remote Administration Scenario You need to be able to configure the server remotely.

Start the 6427A-NYC-WEB-B virtual machine and log on as Woodgrovebank\Administrator. click Apply. double-click Management Service. click Launch. In the Internet Information Services (IIS) Manager connections pane. click Launch. On NYC-WEB-B. 2. In the Actions pane. click Start | Administrative Tools | Internet Information Services (IIS) Manager.Lab Answer Key: Configuring Delegation and Remote Administration 3 This exercise’s main tasks are: 1. Test NYC-WEB-B remote administration. 2. Start the 6427A-NYC-DC1 virtual machine and log on as Woodgrovebank\Administrator. 3. 2. 2. 4. Configure NYC-WEB-B for remote administration. Select Enable remote connections. click NYC-WEB-B(WOODGROVEBANK\Administrator). 5. On the Lab Launcher. Log on to NYC-WEB-B as Woodgrovebank\Administrator with the password of Pa$$w0rd. Task 1: Start the 6427A-NYC-DC1 virtual machine and log on as Woodgrovebank\Administrator 1. On the Lab Launcher. 6. next to 6427A-NYC-WEB-B. 4. . Log on to NYC-DC1 as Woodgrovebank\Administrator with the password of Pa$$w0rd. Click Start. in the Management section. In the details pane. next to 6427A-NYC-DC1. Click Windows credentials or IIS Manager credentials. Task 3: Configure NYC-WEB-B for remote administration 1. 3. Task 2: Start the 6427A-NYC-WEB-B virtual machine and log on as Woodgrovebank\Administrator 1.

6. and then click Add Roles. 8. In the details pane. Click Start | Administrative Tools | Internet Information Services (IIS) Manager. type NYCWEB-B. and then click Install. Right-click Roles. The Connect to Server wizard appears. Click Next. click Close. Click Finish.com. click Connect to a server. 17. Click Next. 15. 11. select Web Server (IIS). and then click Next. click Start and click Server Manager. 7. In the Server Manager console pane. 16. The Add Roles Wizard dialog box appears. type Pa$$w0rd. 12. In the Connections pane. When the installation completes. Question: Is the IIS Management Service available for configuration remotely? Answer: No. 3. click Roles. clear all check boxes except for IIS Management Console. Click Add Required Features. 2. On NYC-DC1. in the User name field. this service can only be configured locally . In the Server name field. 9. type administrator@woodgrovebank. In the Password field. The Server Certificate Alert dialog box appears. In the Roles box. and then click Next. On the Provide Credentials page. 4. Click Next twice.4 Lab Answer Key: Configuring Delegation and Remote Administration Task 4: Test NYC-WEB-B remote administration 1. The Specify a Connection Name dialog box appears. In the Role services box. 5. Click Connect. The Add Roles Wizard appears. 14. expand NYC-WEB-B | Sites and then click Default Web Site. 10. 13.

Click index. 19. . 21. In the Actions pane. click Move Up. Click Yes.Lab Answer Key: Configuring Delegation and Remote Administration 5 18. in the IIS section. Results: After completing this exercise. In the Actions pane. you should have configured the IIS Management Service to accept remote connections and you should have tested a remote connection from NYC-DC1. double-click Default Document. In the details pane. 20. The Default Document dialog box appears.htm. 22. click Move Up.

Click Done. Test delegated administration for the Human Resources and Sales sites.6 Lab Answer Key: Configuring Delegation and Remote Administration Exercise 2: Configuring Delegated Administration Scenario You need to be able to configure the server remotely. 3. . The Your folder is shared page appears. Click Share. 4. 5. 2. 4. You will need to give the business owner permission to administer their site only. A new site has been set up and you have been asked to delegate the administration of the site to the business owner. The File Sharing dialog box appears. Type Herbert and then click Add. 3. and then click Co-owner. Configure delegated administration for the Sales site. Right-click WoodgroveHRSite. Configure delegated administration for the Human Resources site. You must unlock the error page feature so that it can be delegated. and then click Share. Next to Herber Dorner. click Start | Computer and then browse to Allfiles(E:)\Mod06\Labfiles. Task 1: Configure delegated administration for the Human Resources site 1. click Reader. You must enable remote administration and then test it by accessing the administration features from a remote computer. but not the other sites hosted on the server You have been assigned a service request to allow all site owners to administer the error messages for their site. On NYC-WEB-B. Exercise Overview In this exercise you will practice delegating administration of two web sites to the appropriate business owners. This exercise’s main tasks are: 1. 2. 6. Share the Woodgrove sales Web site for Betsy Stadick.

click Reader and then click Co-owner. In the Text Documents list. 5. On the File menu. 3. Next to Betsy Stadick. click All Files. On the File menu. The Your folder is shared page appears. expand Sites. Task 2: Share the Woodgrove Sales Web Site for Betsy Stadick 1. 2. Browse to C:\windows\system32\intesrv\config. Right-click WoodgroveSalesSite. double-click IIS Manager Permissions. Scroll down to the <authentication> tag and delete the following text: <anonymousAuthentication enabled="true" userName="IUSR" /> <basicAuthentication enabled="false" /> <clientCertificateMappingAuthentication /> <digestAuthentication /> <iisClientCertificateMappingAuthentication /> <windowsAuthentication /> 7. click Open. In Windows Explorer. On the File menu. and then click Share. In the Actions pane. Click Start. click Allow User. 10. and then press ENTER. Click applicationHost. The Allow User dialog box appears. 6. Click Share. and click Run.Lab Answer Key: Configuring Delegation and Remote Administration 7 7. The Open dialog box appears. Type Betsy and then click Add. The Notepad window opens. in the Management section. In the details pane. 8. Click Done. then type Notepad. 5. 8. type Herbert and then click OK.config. 4. 2. The File Sharing dialog box appears. In the Windows field. 3. 9. 6. browse to E:\Mod06\Labfiles. click Open. In the Internet Information Services (IIS) Manger Connections pane. and then click HR. Task 3: Configure delegated administration for the Sales site 1. . 4. and then click Open. click Save.

The Provide Credentials page appears. click All Files. Click Connect. type Pa$$w0rd and then click Next. 11. 19. 13. Scroll to the end of the applicationhost. 8. 3.config. type HR. 14. On the Edit menu. On the Edit menu. Click EnableAnonymousAuthentication. On NYC-DC1. type NYCWEB-B. Log on as woodgrovebank\herbert with a password of Pa$$w0rd. The User Account Control dialog box appears. 10. On the Edit menu. 16. type herbert@woodgrovebank. and then click Open. Task 4: Test delegated administration for the Human Resources and Sales sites 1. click Open. The Open dialog box appears. Click Start | Administrative Tools | Internet Information Services (IIS) Manager. In the Password field. and then click Open. 20. click Select All.com. 10. 6. click Connect to a site. click Paste. . On the File menu. In the Password field. In the details pane. 9. 7. 4. 2. 17.8 Lab Answer Key: Configuring Delegation and Remote Administration 9. and then click OK. The Connect to Site dialog box appears. The Open dialog box appears. Browse to E:\Mod06\Labfiles. 5.config file and put the cursor on the line before </configuration>. On the File menu. click Save.txt. 12. In the Text Documents list. The Server Certificate Alert dialog box appears. click Start | Switch User. In the Site name field. 18. Close Notepad. Browse to C:\windows\system32\intesrv\config. click Copy. In the Server name field. 15. type Pa$$w0rd. In the User name field. and then click Next. Click applicationHost.

In the details pane.Lab Answer Key: Configuring Delegation and Remote Administration 9 11. 14. and then click Next. and click Run. The Internet Information Service (IIS) Manager dialog box appears. 31. The Connect to Site dialog box appears. 23. The Notepad window opens. On the Edit menu. 17. 21. 30. Click Cancel. 22. The Connect to Site dialog box appears with an error stating that the user is not authorized to connect to the specified computer. Click OK. 18. 15. click Copy. On the File menu. type Sales. type herbert@woodgrovebank. In the Connections pane. click Open. Click DisableAuthentications. In the Connection Name field. and then click Open. In the Site name dialog box. asking if you want to save changes. 16. Log on as woodgrovebank\betsy with a password of Pa$$w0rd. In the Password field. Question: Why does this error occur? Answer: This error occurs because Herbert was not granted IIS Manager permission on the Sales site. then type Notepad. . Click Start | Switch User. 25.com. In the Server name field. 29. 12. 28. and then click Next. 24. Close Internet Information Service (IIS) Manager. 20. 27. Click Start. Click No. click Select All. type Human Resources Site and then click Finish. 26. 19. In the User name field. click Open. The Open dialog box appears. Browse to E:\Mod06\Labfiles. type Pa$$w0rd. click Connect to a site. click Start Page. The Provide Credentials page appears. On the Edit menu. type NYCWEB-B. On the File menu. The Specify a Connection Name dialog box appears. 13. and then press Enter.

you should have successfully delegated administration for the Human Resources web site to Herbert Dorner and delegated administration for the Sales web site to Betsy Stadick. The web server is unable to service a request for a web page if no means for authentication is configured. click Paste. 34. The Windows Internet Explorer window opens. In the File name field. 42. The Open dialog box appears. 45. Question: Why does the server report this error? Answer: The server reports a 401 error because both Anonymous Authentication and Windows Authentication have been disabled. 35. Notice error 401 indicating that the user does not have permission to view this page. On the File menu. The Open dialog box appears.Config and then click Open. 44. type \\NYC-WEBB\WoodgroveHRSite\Web. On the Edit menu. The Network Error dialog box appears. 40. Scroll to the end of the Web. and click Run. Click Start | Internet Explorer. click Save. Close Notepad. In the File name field.woodgrovebank. 37. On the File menu. Click Cancel twice and then close Notepad. The Notepad window opens. then type Notepad.com. 33. and then press Enter.Config and then click Open. Click Start. click Open. Browse to http://sales. 36. Results: After completing this exercise. 39. Click See details and note the resulting error and notice that it says access is denied. 41.Config file and put the cursor on the line before </configuration>. 43. 38. . type \\NYC-WEBB\WoodgroveSalesSite\Web.10 Lab Answer Key: Configuring Delegation and Remote Administration 32.

Click Error Pages. On NYC-DC1. Task 2: Test feature delegation for the Human Resources site 1. . click NYC-WEB-B. but not the other sites hosted on the server You have been assigned a service request to allow all site owners to administer the error messages for their site. double-click Feature Delegation. You must enable remote administration and then test it by accessing the administration features from a remote computer. 2. in the Internet Information Services (IIS) Manger Connections pane. click Start | Switch User. Test feature delegation for the Human Resources site. in the Management section. 4. You must unlock the error page feature so that it can be delegated. click Read/Write. This exercise’s main tasks are: 1. Exercise Overview In this exercise you will practice configuring delegated administration so that all site owners can administer the error messages for their site. You will need to give the business owner permission to administer their site only. In the details pane. 2. 3. In the Actions pane. Task 1: Configure feature delegation for the Human Resources and Sales sites 1. Log on as woodgrovebank\herbert with a password of Pa$$w0rd. On NYC-WEB-B. 2. Configure feature delegation for the Human Resources and Sales sites. A new site has been set up and you have been asked to delegate the administration of the site to the business owner.Lab Answer Key: Configuring Delegation and Remote Administration 11 Exercise 3: Configuring Feature Delegation Scenario You need to be able to configure the server remotely.

7. 4. The Edit Custom Error Page dialog box appears. Browse to http://hr. 19. 9. The Internet Explorer window opens. 13. Click Start | Administrative Tools | Internet Information Services (IIS) Manager. 14. type /ErrorPages/custom404. click Human Resources Site. click Connect to a site. Click Connect. 10. In the Password field. 5. In the Connections pane. and then click OK. The Connect to Site dialog box appears. 18. In the details pane. type NYCWEB-B. In the Connection Name field. Click Start | Internet Explorer. Close each of the running virtual machines. In the Site name dialog box. Note that the custom error page is displayed.htm and then click OK.com/missingpage. type Pa$$w0rd. Right-click the line beginning with 404. Click Execute a URL on this site. and then click Next. and then click Edit. 20. 11. The Specify a Connection Name dialog box appears. In the details pane. Do not save changes so they are reset to default for the next lab. in the IIS section. The Server Certificate Alert dialog box appears. . In the Password field. double-click Error Pages. and then click Next.12 Lab Answer Key: Configuring Delegation and Remote Administration 3. you should have successfully configured the Human Resources and Sales sites so that the site owners can customize error pages for each site. 17. type Human Resources Site and then click Finish. 12. In the User name file. 6. 15.woodgrovebank. type herbert@woodgrovebank. type Pa$$w0rd. In the URL (relative to site root) field. The Provide Credentials page appears. The User Account Control dialog box appears. 8. In the Server name field. type HR.com. 16. Results: After completing this exercise.htm.

Lab Answer Key: Configuring Delegation and Remote Administration 13 Note: After you have completed the lab exercises closing the VM’s and selecting undo disk is not required for hosted labs. Click the Quit button to exit. .

Administration Exercise 3: Automate IIS Administration using Scripts Exercise 4: Navigating IIS tasks using WMI and AppCmd 2 5 7 11 .0 Administration 1 Module 7 Lab Answer Key: Using Command-line and Scripting for IIS 7.0 Administration Contents: Exercise 1: Manage IIS Web Sites with PowerShell Exercise 2: Use Microsoft.Web.Lab Answer Key: Using Command-line and Scripting for IIS 7.

This exercise’s main tasks are: 1. Note: If you have already logged on to a virtual machine. 2. Start the w3svc service using PowerShell.0. skip the logon task for that particular virtual machine. Start the 6427A-NYC-WEB-B virtual machine and log on as Woodgrovebank\Administrator. 3. 6. 5. you will learn how to use PowerShell to manage IIS 7. Use PowerShell to identify all services. List PowerShell. Use PowerShell to identify running services that start with a “w”. Exercise Overview In this exercise. Stop the w3svc service using PowerShell.0 Administration Lab: Using Command-line and Scripting for IIS 7.2 Lab Answer Key: Using Command-line and Scripting for IIS 7. .0 Logon Information: • • • Virtual Machine: NYC-WEB-B User Name: Woodgrovebank\Administrator Password: Pa$$w0rd Estimated time: 60 minutes Exercise 1: Manage IIS Web Sites with PowerShell Scenario The development team requires additional tools to manage their Websites. 4. First you need to make sure that PowerShell will correctly manage the server’s services and make sure it can successfully stop and start the Web service.exe process using the get-wmiobject cmdlet.

On NYC-WEB-B. Type get-service -servicename w3svc and then press Enter. name. Notice the list of services that begin with a “w” with the “stopped” services listed first. 2. 2. On the Lab Launcher. click Launch. Type get-service -include w* | sort-object -property status and then press Enter. 2. type get-service and then press Enter. . Close the Server Manager and click Start | All Programs | Windows PowerShell 1. Task 4: Stop the w3svc service using PowerShell 1. Type stop-service -servicename w3svc and then press Enter. 2. Type get-service -servicename w3svc and then press Enter Task 5: Start the w3svc service using PowerShell. Task 2: Use PowerShell to identify all services 1.Lab Answer Key: Using Command-line and Scripting for IIS 7. 1. At the Windows PowerShell prompt.0 | Windows PowerShell. Task 3: Use PowerShell to identify running services that start with a “w” 1. 2. Type start-service -servicename w3svc and then press Enter. and display name of each service.0 Administration 3 Task 1: Start the 6427A-NYC-WEB-B virtual machine and log on as Woodgrovebank\Administrator 1. if Server Manager opens. Log on to NYC-WEB-B as Woodgrovebank\Administrator with the password of Pa$$w0rd. next to 6427A-NYC-WEB-B. Notice the status.

stopped and started services using PowerShell. Type Get-WmiObject -query "Select * From Win32_Process Where Name = 'powershell. 2. Question: What operating system is listed in the details? Answer: Microsoft Windows Server 2008 Enterprise. you should have successfully identified. .exe'" and then press Enter.4 Lab Answer Key: Using Command-line and Scripting for IIS 7. Results: After this exercise.0 Administration Task 6: List PowerShell. Notice the detailed information for the powershell.exe process.exe process using the get-wmiobject cmdlet 1.

Load Microsoft.Assembly]::LoadFrom("C:\windows\system32\inetsrv\ Microsoft.Web.Administration.Web. Notice the GAC.Administration. and then stop and start the default Website. you will learn how to use MWA to execute a script. This exercise’s main tasks are: 1. Use the findsite function to list the default Website.Sites and then press Enter. the default Website ID.Reflection.Name} and then press Enter. 4. 2. 3.ServerManager). Create a function using MWA to find Websites.Lab Answer Key: Using Command-line and Scripting for IIS 7. Then restart the service using the script and verify that it is started. 2.Sites | ForEach-Object {$_. in PowerShell.dll.dll 1.Web. . Type (New-Object Microsoft.dll") and then press Enter.dll.Administration. version and location for the Microsoft. 3. Notice the detailed information for the sites on the server. 2.Administration. Task 2: Get Website information with MWA 1.Administration Scenario You need to verify that a script will effectively stop and start using MWA. Exercise Overview In this exercise. Notice the names of the Websites on the server. Get Website information with MWA. Run the script and then check to make sure that the service is stopped. 4.Web.Web.0 Administration 5 Exercise 2: Use Microsoft. type [System.ServerManager). which signifies the DLL file was loaded.Administration.Web. On NYC-WEB-B.Web. Task 1: Load Microsoft. Type (New-Object Microsoft.Administration.

5. the default Website ID. 7. What did it do? Answer: This command line created the command findsite.Administration. Question: Why does the command return an output value of “unknown”? Answer: Because it attempted to start the default Web site without first checking to see if it was stopped or checking the result.6 Lab Answer Key: Using Command-line and Scripting for IIS 7. Notice the detailed information for the default Website.0 Administration Task 3: Create a function using MWA to find Websites • Type function findsite {$name=$args[0]. 6. you should have successfully used Microsoft. 9.Web. 3.Web.State and then press Enter.Web.Administration module into an easy-to-use single command.Stop() and then press Enter. Notice the status for the default Website is now “started”. Notice the output is “unknown”. Notice the ID for the default Website: 1.Administration to gather Website information and created a function to start and stop the default Website. Results: After this exercise. Type (findsite default*). Type findsite default* and then press Enter. 10. and then stop and start the default Website 1. } and then press Enter. 4. Type (findsite default*). Type (findsite default*). Question: This command line didn't return any values. Notice the status for the default Website is now “stopped”. Type (findsite default*). ((New-Object Microsoft. 2.Name -match $name}).Sites | Where-Object {$_.ID and then press Enter. . Task 4: Use the findsite function to list the default Website.ServerManager).Start() and then press Enter. 8. which integrates the Microsoft.

PowerShell profile script to automatically load assemblies. 2. List sites using global variable. you will learn how to use a PowerShell scripts. Use PowerShell script to verify site was created. Create Microsoft. Use PowerShell script to find sites.0 Administration 7 Exercise 3: Automate IIS Administration using Scripts Scenario The development team provided you with a script that lists Websites on the server. You also need to deploy several identical Websites using the same default content located on a share.Lab Answer Key: Using Command-line and Scripting for IIS 7. 5. Set execution policy to unrestricted. Add a global variable to profile script. Exercise Overview In this exercise. 3. This exercise’s main tasks are: 1. 7. A PowerShell script will be used to automate this task. 6. . 4. You need to test and run the script using PowerShell. Review and run a script to create a Website.

" echo "Loading IIS 7. Type set-ExecutionPolicy Unrestricted and then press Enter. type get-executionpolicy and then press Enter. 2. Notice the executionpolicy is set to “restricted”.Name))} echo "Assemblies loaded. 3. .0 Environment Loader" echo "Copyright 2006 Microsoft Corporation. type if (test-path $profile) {echo "Path exists. click Save. In Notepad. new-variable iismgr -value (NewObject Microsoft. 3.8 Lab Answer Key: Using Command-line and Scripting for IIS 7. in PowerShell. 4. On NYC-WEB-B. type. Task 2: Set execution policy to unrestricted 1. at the end of the script. All rights reserved. On the File menu.dll") | ForEach-Object {[System. 2.Reflection.0 Administration Task 1: Create Microsoft.Assembly]::LoadFrom((join-path -path $inetsrvDir -childPath $_. In Windows PowerShell.Administration. The Notepad window opens. Minimize but do not close Notepad. click Save." 2.ServerManager) -scope "global". Task 3: Add a global variable to profile script 1. On the File menu. Type the following: echo "Microsoft IIS 7. 3. notepad $profile and then press Enter. Minimize but do not close Notepad.Web.PowerShell profile script to automatically load assemblies 1.0 Managed Assemblies" $inetsrvDir = (join-path -path $env:windir -childPath "\system32\inetsrv\") Get-ChildItem -Path (join-path -path $inetsrvDir -childPath "Microsoft*."} else {new-item -path $profile -itemtype file -force}.

Click Start | All Programs | Windows PowerShell 1. 2. click Save As.ps1xml") 10.Administration.Administration. 2. 7. Close Notepad. Notice the site information that is displayed.Lab Answer Key: Using Command-line and Scripting for IIS 7.type. Restore Notepad. The Save As dialog box appears. click Save. click All Files.0 | Windows PowerShell. Review the code. at the end of the script.Web. The Windows PowerShell window opens. Task 5: Use PowerShell script to find sites 1. 4.ps1xml.0 Administration 9 Task 4: List sites using global variable 1. The Notepad window opens. type the following: new-variable iissites -value (New-Object Microsoft. Type $iissites. 13. 4. Right-click iis. Type $iismgr.0 and then click Save. and then click Edit.ApplicationPools -scope "global" update-typedata -append (join-path -path $PSHome -childPath "iis. Close Windows PowerShell and then reopen it. Click Start | Computer.ServerManager). 6.ServerManager). Close Notepad. On the File menu. On the File menu.Sites -scope "global" new-variable iisapppools -value (New-Object Microsoft. 5. Close Windows PowerShell. In the Save as type list. 9. 8. 3. Notice the script information that now executes when you open PowerShell. 3.Web.types. Browse to C:\windows\System32\WindowsPowerShell\v1. and then browse to E:\Mod07\Labfiles\Scripts.Find("^Default*") and then press Enter. 11.Sites and then press Enter. 12. .

Double-click CreateWebsite. Notice the details for the default Website are listed.exe. browse to E:\Mod07\Labfiles\Scripts\CreateWebsite\CreateWebsite\CreateWebsite \bin\Debug. 4. Results: After this exercise. 2. In Windows Explorer. type c:\CreateWebsite.10 Lab Answer Key: Using Command-line and Scripting for IIS 7. Right-click CreateWebsite. and then click Copy. 3. 2. Notice the details for the new Website are listed. Browse to C:\ and then click Paste.PowerShell profile script. Finally.Find("^NewSite*") and then press Enter.0 Administration 14. The Notepad window opens. Task 6: Review and run a script to create a default Website in PowerShell 1. . and then close Notepad. 5. In Windows PowerShell.cs.exe and then press Enter. browse to E:\Mod07\Labfiles\Scripts\CreateWebsite\CreateWebsite\CreateWebsite. 6. you should have successfully created a site named NewSite. Review the code. In Windows Explorer. You should have also used a saved script to list Website. you should have successfully created a Microsoft. 7. Type $iissites. Task 7: Use PowerShell script to verify Website was created 1.

Use AppCmd to identify all running application pools. 3. Use AppCmd to identify tasks running on the Web server. If the command doesn’t list any results. Task 2: Use AppCmd to identify all running application pools 1. This exercise’s main tasks are: 1. 2. 2. 5. Move all applications in a site to NewAppPool application pool.Lab Answer Key: Using Command-line and Scripting for IIS 7. 6. Notice this command lists the current running worker processes. 3. 4. click Start | Command Prompt.0 Administration 11 Exercise 4: Manage IIS tasks using WMI and AppCmd Scenario You need to verify which tasks are running on the server. Use AppCmd to recycle all running application pools. Notice the currently running application pools are listed. Type appcmd list wp and then press Enter. On NYC-WEB-B. 4. and then restore the configuration information. Type cd \windows\system32\inetsrv and then press Enter. 2. . Task 1: Use AppCmd to identify tasks running on the Web server 1. there aren’t any worker processes running. Exercise Overview In this exercise. Use WMI to list the Default Web Site on the Web server. you will use WMI and AppCmd for IIS administration. Use WMI and AppCmd to display the list of running tasks. Type appcmd list apppool and then press Enter. Store configuration information to file.

Echo "Retrieved an instance of Site" WScript. Notice the configuration changes were applied to the Default Web Site. Type appcmd list app /site. Type appcmd list apppool /xml | appcmd recycle apppool /in and then press Enter.vbs.xml and then press Enter. click All Files. Task 5: Store configuration information to file.Name WScript. and then click Save. 3. Task 4: Move all applications in a site to NewAppPool application pool 1. Type appcmd set config "Default Web Site/" /in < config. On the File menu.Echo "ID: " & oSite. type Notepad and then press Enter. In the Save as type list. Type appcmd list config "Default Web Site/" /section:caching /xml /config > config. 2.ID 3.xml and then press Enter. and then restore the configuration information 1. type C:\GetSite.Name='Default Web Site'") WScript. 5. 2. The Notepad window opens.12 Lab Answer Key: Using Command-line and Scripting for IIS 7. Click Start.name:"NewSite" /xml | appcmd set app /in /applicationPool:NewAppPool and then press Enter Notice the following is displayed “APP object “NewSite/” changed”. In the File name field. Close Notepad. 2. 6. . 4. Task 6: Use WMI to list the Default Web Site on the Web server 1. 2.Echo "Name: " & oSite. Type: Set oIIS = GetObject("winmgmts:root\WebAdministration") Set oSite = oIIS.0 Administration Task 3: Use AppCmd to recycle all running application pools 1.Get("Site. click Save. The Save As dialog box appears. Notice the message is displayed ““DefaultAppPool” successfully recycled”.

Note: After you have completed the lab exercises closing the VM’s and selecting undo disk is not required for hosted labs. Notice the default script has been set to “cscript. Type getsite. type cd \. 9. 10. Type cscript //h:cscript.vbs. Results: After this exercise.Lab Answer Key: Using Command-line and Scripting for IIS 7. You should have also successfully identified the default Website using WMI. and then press Enter. Do not save changes so they are reset to default for the next lab. and then press Enter. move application and store configuration information to a file. . you should have successfully used AppCmd to recycle application pools. 11. Click the Quit button to exit.exe”. Close each of the running virtual machines. 12. and then press Enter. 8. From the command prompt.0 Administration 13 7. Notice the Web site name and ID are displayed.

0 for Improved Performance 1 Module 8 Lab Answer Key: Tuning IIS 7.Lab Answer Key: Tuning IIS 7.0 for Improved Performance Contents: Exercise 1: Deploying Applications Exercise 2: Configuring IIS Performance Options Exercise 3: Managing Application Pools to Improve Performance 2 6 10 .

skip the logon task for that particular virtual machine. Start the 6427A-NYC-WEB-A virtual machine and log on as Woodgrovebank\Administrator. Add ASP.2 Lab Answer Key: Tuning IIS 7.0 for Improved Performance Lab: Tuning IIS 7. with Xcopy. 4. as well as application updates. Note: If you have already logged on to a virtual machine. 3. 7. Deploy the application updates to SalesSupport2 using Xcopy. 2. Start the 6427A-NYC-DC1 virtual machine.NET application files. This exercise’s main tasks are: 1.0 for Improved Performance Logon Information: • • • Virtual Machine: NYC-DC1.NET and Dynamic Content Compression features to the IIS Role. Create and assign an application pool for SalesSupport2 and test functionality. Create the SalesSupport application and copy the ASP. . 5. Exercise Overview In this exercise. 6. NYC-WEB-A User Name: Woodgrovebank\Administrator Password: Pa$$w0rd Estimated time: 60 minutes Exercise 1: Deploying Applications Scenario You receive a request to deploy a second copy of an installed application. and then deploy updates to the new installation so that the Enterprise Design QA team can test the proposed updates. students will learn how to deploy an application. Deploy a second copy of the SalesSupport application named SalesSupport2 using Xcopy.

6. Click Start | Administrative Tools | Internet Information Services (IIS) Manager. select ASP. 7.NET and Dynamic Content Compression are listed as Installed. In Server Manager console pane. In the Performance section. 2. On NYC-WEB-A. In the Role services box. In the Connections pane. .0 for Improved Performance 3 Task 1: Start the 6427A-NYC-DC1 virtual machine • On the Lab Launcher. 2.NET and Dynamic Content Compression features to the IIS Role 1.NET.Lab Answer Key: Tuning IIS 7. select Dynamic Content Compression. expand Roles and then click Web Server (IIS). In the details pane. Click Next and then click Install. notice that ASP. in the Role Services section. Click Add Required Role Services. 2. Log on to NYC-WEB-A as Woodgrovebank\Administrator with the password of Pa$$w0rd. When the installation completes. 3. click Start and click Server Manager. Task 3: Add ASP. Task 4: Create the SalesSupport application and copy the ASP. expand NYC-WEB-A | Sites and then click Default Web Site. 8. click Close.NET application files 1. Task 2: Start the 6427A-NYC-WEB-A virtual machine and log on as Woodgrovebank\Administrator 1. On the Lab Launcher. next to 6427A-NYC-WEB-A click Launch. and then click Add Role Services. 5. The Add Role Services box appears. next to 6427A-NYC-DC1 click Launch. 4. Right-click Web Server (IIS). The Add Role Services dialog box appears.

4. Click Start | Command Prompt.. and then click Make New Folder. 4. Type cd \inetpub\wwwroot and then press Enter. and then click Paste. In Internet Information Services (IIS) Manager. Click OK. 12. When prompted to overwrite files. Type xcopy /e *. At the command prompt. Type cd \Mod08\Labfiles\SalesSupport2 and then press Enter. The Add Application dialog box appears. in the Connections pane. click the Browse (.4 Lab Answer Key: Tuning IIS 7.* c:\inetpub\wwwroot\salessupport2 and then press Enter. 11. Browse to C:\inetpub\wwwroot\SalesSupport. 10. 8. right-click. Type xcopy /e SalesSupport\*. Notice that 36 files are copied. 9. 2.* SalesSupport2. type SalesSupport. In the Alias field. 5. 6.. In the Actions pane. 3. Type md SalesSupport2 and then press Enter.0 for Improved Performance 3. press A for all. click Default Web Site. type E: and then press Enter. click View Applications. Type SalesSupport and then click OK. Task 5: Deploy a second copy of the SalesSupport application named SalesSupport2 using Xcopy 1. 7. Select all. Browse to C:\inetpub\wwwroot. The Browse For Folder dialog box appears. 3. . 5. 2. Click Start | Computer and then browse to E:\Mod08\Labfiles\SalesSupport. Click Add Application. Next to the Physical path field.) button. 5. Task 6: Deploy the application updates to SalesSupport2 using Xcopy 1. then right-click and click Copy. 4.

9. and then click OK twice. expand Default Web Site and then click SalesSupport2. 6. type SalesSupport2 and then click OK. In the Connections pane. click the Browse (. click SalesSupport2. Browse to C:\inetput\wwwroot\SalesSupport2. 7. click Basic Settings. 5.Lab Answer Key: Tuning IIS 7. 7. 8. click Application Pools. lick Add Application. In the Actions pane. The Edit Application dialog box appears. 2. 10.. The Windows Internet Explorer window opens.) button. Results: After this exercise. click Add Application Pool. 11. In the Actions pane. 12. 10.NET role service is installed. The Add Application dialog box appears. 3. In the Name field. The Add Application Pool dialog box appears.0 loads successfully. 9. .. you should have successfully verified that the ASP. Click Start | All Programs | Internet Explorer.0 for Improved Performance 5 6. In the Actions pane. In the Application pool list. Browse to http://localhost/salessupport. deployed that SalesSupport2 application. Notice that the Woodgrove Bank Sales Support page loads successfully. click View Applications. and then click OK twice. The Select Application Pool dialog box appears. In the Alias field. Task 7: Create and assign an application pool for SalesSupport2 and test functionality 1. 4. In the Connections pane. Click Select. Notice that the Woodgrove Bank Sales Support page version 2. Next to the Physical path field. 8. type SalesSupport2. In Internet Explorer. The Browse For Folder dialog box appears. browse to http://localhost/salessupport2. and verified functionality.

Click OK. 2. Use Performance Monitor to measure performance. Click Add. scroll down. With Reliability and Performance monitor running. click Performance Monitor. and throttling. In the details pane. students will learn how to configure IIS Performance Options. compression. Click Bytes Sent/sec. and then expand Web Service. and then click OK. click Refresh several times rapidly. In the console pane. click <All instances>. 8. 4. 3. 9. in Internet Explorer. 10. Task 1: Use Performance Monitor to measure performance 1. browse to http://localhost/salessupport/test.6 Lab Answer Key: Tuning IIS 7. 7. The Performance Monitor Control dialog box appears. 6. click Start | Administrative Tools | Reliability and Performance Monitor. Configure Compression. 2. After the page loads. Configure Output Caching. Above the graph. click the Add button (green plus). . 11. 3. Configure connection limit throttling. In the Instances of selected object field. On NYC-WEB-A. In the Available counters list. Exercise Overview In this exercise. 5. Notice that the dynamically generated time updates each time you refresh. First. right-click the graph. The Add Counters dialog box appears. and then click Remove All Counters. 4. you will use Performance Monitor to look at the current machine performance. This exercise’s main tasks are: 1.0 for Improved Performance Exercise 2: Configuring IIS Performance Options Scenario Next you will configure performance options for the SalesSupport application. Then you will configure and test output caching.aspx.

Open Internet Explorer. Notice that the time updates with each load. The Add Cache Rule dialog box appears. Click At time intervals. click Add. In Reliability and Performance Monitor. You may need to do this a couple of times to get a zoomed in view of the data.Lab Answer Key: Tuning IIS 7. 5. 13. 10. Click Refresh several times rapidly for at least 30 seconds. 9. In Internet Explorer. 11. Notice that the first peak has higher throughput than the second. . Notice that the time updates only every 10 seconds after the first couple of loads and that the subsequent loads are much faster. Close Internet Explorer. In the File name extension field. 3. 14. in the Connections pane. 4. notice that the graph reflects the throughput.aspx.aspx. 13. browse to http://localhost. double-click Output Caching. 6. In Reliability and Performance monitor. Click Refresh several times rapidly. 8. In the Actions pane. expand NYC-WEB-A(WOODGROVEBANK)| Sites | Default Web Site and then click SalesSupport. In Internet Information Services (IIS) Manager. browse to http://localhost/salessupport2/test. and browse to http://localhost/salessupport/test. and then delete the existing text and type 00:00:10. Task 2: Configure Output Caching 1. compare the two peaks for throughput on the graph. In the details pane. 7. Click OK. Task 3: Configure Compression 1.aspx. Select Kernel-mode caching. In Internet Explorer. in the IIS section. 12. 2.0 for Improved Performance 7 12. Note that you can right-click the graph and then click Scale Selected Counters to get a better representation. type .

In Internet Explorer. Click Refresh several times rapidly. The throughput has decreased because dynamic compression negates dynamic output caching. 17. 13. Close Internet Explorer. click Apply. 6. In the Actions pane.0 for Improved Performance 2. In the Actions pane. note the throughput on the graph. 11.8 Lab Answer Key: Tuning IIS 7. in the IIS section. 14. select Enable dynamic content compression. and browse to http://localhost. 16. 3. click Apply. 4. In Reliability and Performance Monitor.aspx. Open Internet Explorer. 5. double-click Compression. Only the first page load requires processing the compression. in the details pane. Click Refresh several times rapidly. In Internet Information Services (IIS) Manager. Task 4: Configure connection limit throttling 1. browse to http://localhost. . 8. Clear the Enable static content compression check box. In Reliability and Performance Monitor. browse to http://localhost/SalesSupport/test. in the Connections pane. In Internet Information Services (IIS) Manager. Click Refresh several times rapidly.aspx. note the throughput on the graph. In Internet Explorer. Click Refresh several times rapidly. In Reliability and Performance Monitor. 2. 7. In Reliability and Performance Monitor. browse to http://localhost/SalesSupport/test. note the throughput on the graph. 12. note the throughput on the graph. In Internet Explorer. Right click the IIS7 tab. 15. 10. There should not be much change for static compression. Question: Why does the graph show little or no change? Answer: Static compression is cached. 18. 9. click Default Web Site. 19. In the details pane. and then click New Tab.

In the Internet Explorer dialog box. In Internet Information Services (IIS) Manager. 15. 12. 6. Results: After this exercise. The Edit Web Site Limits dialog box appears. Click OK. Close Internet Explorer.0 for Improved Performance 9 3. 16. and then click Refresh All.Lab Answer Key: Tuning IIS 7. 13. Notice that all of the tabs refresh successfully. click Limits. In the Internet Explorer dialog box. 9. right-click one of the tabs. 5. Repeat to create another new tab. In the Limit number of connections field. 4. You should have three tabs open. and then click Refresh All. click Default Web Site. browse to http://localhost. 11. and then browse to http://localhost. 7. and browse to http://localhost in three tabs. Notice that at least one of the tabs now reports Service Unavailable. In Internet Explorer. Close Internet Explorer. 14. . type 1. 10. 8. Right-click one of the tabs. In the Actions pane. in the Connections pane. you should have configured performance options and verified functionality. Select Limit number of connections. In the new tab. Open Internet Explorer. click Close Tabs. click Close Tabs.

In the details pane. open Internet Explorer. 2. Assign SalesSupport and SalesSupport2 to the same application pool. click Application Pools. in the console pane. Note the amount of memory being used by each in the Commit (KB) and Working Set (KB) columns. Task 2: Recycle an application pool 1. 3. 3. On NYC-WEB-A. expand Memory. In the Actions pane. and browse to http://localhost/salessupport. click SalesSupport2. 3. Notice that there are two instances running. students will learn how to manage application pools to improve performance.10 Lab Answer Key: Tuning IIS 7. Recycle an application pool. Task 1: Use Reliability and Performance Monitor to measure resource usage 1. Open a second tab and browse to http://localhost/salessupport2. In Internet Information Services (IIS) Manager. Exercise Overview In this exercise.0 for Improved Performance Exercise 3: Managing Application Pools to Improve Performance Scenario You will now modify the application pools to improve resource usage. 6. 5. click Reliability and Performance. 2. . In Reliability and Performance Monitor. and then scroll down to w3wp.exe. Use Reliability and Performance Monitor to measure resource usage. Click the Image column heading to sort by image name. in the Connections pane. This exercise’s main tasks are: 1. 4. 2. click Recycle. In the details pane.

In the Connections pane. click SalesSupport2. 10. notice that is now only one w3wp. 3. 7. click SalesSupport2. Click Select. 2. Click OK twice. Do not save changes so they are reset to default for the next lab. and browse to http://localhost/salessupport. The Edit Application dialog box appears.Lab Answer Key: Tuning IIS 7. 4. Task 3: Assign SalesSupport and SalesSupport2 to the same application pool 1. 5. notice that one of the w3wp.exe process and less total memory consumed. In Reliability and Performance Monitor. In the Actions pane. Close each of the running virtual machines. 11. In the Actions pane. In the Application pool list. The Confirm Remove dialog box appears. 5. 6. 13. In the Internet Explorer dialog box. . click Remove. Click the Quit button to exit. Click Yes. In the details pane. and verified resource usage with Reliability and Performance Monitor.0 for Improved Performance 11 4. Close Internet Explorer. click Close Tabs. click Application Pools. Results: After this exercise.exe processes consumes less memory. 9. Open Internet Explorer. 8. click DefaultAppPool. Open a second tab and browse to http://localhost/salessupport2. In Reliability and Performance Monitor. click Basic Settings. Note: After you have completed the lab exercises closing the VM’s and selecting undo disk is not required for hosted labs. 12. in the Connections pane. you should have recycled and consolidated application pools. The Select Application Pool dialog box appears. In Internet Information Services (IIS) Manager.

Lab Answer Key: Ensuring Web Site Availability with Web Farms 1 Module 9 Lab Answer Key: Ensuring Web Site Availability with Web Farms Contents: Exercise 1: Backing Up an IIS Web Site Exercise 2: Restoring an IIS Web Site Exercise 3: Enabling Shared Configurations Exercise 4: Configuring Network Load Balancing 2 5 7 11 .

Start the 6427A-NYC-WEB2 virtual machine and log on as Woodgrovebank\Administrator. Use the virtual disk drive E: for the backup drive. Before you begin. Web application.2 Lab Answer Key: Ensuring Web Site Availability with Web Farms Lab: Ensuring Web Site Availability with Web Farms Logon Information: • • • Virtual Machine: NYC-DC1. NYC-WEB-D. 4. Exercise Overview In this exercise. and config files to the E: drive. Start the 6427A-NYC-WEB-D virtual machine and log on as Woodgrovebank\Administrator. This exercise’s main tasks are: 1. students will learn how to back up a Web site. . you will back up an existing site and verify that it can be restored properly. Backup the Web site. 3. 2. NYC-WEB2 User Name: Woodgrovebank\Administrator Password: Pa$$w0rd Estimated time: 60 minutes Exercise 1: Backing Up an IIS Web Site Scenario The Enterprise Design Team has asked you to explore options for increasing Web site availability. as a stand-in for a remote storage device. Start the 6427A-NYC-DC1 virtual machine.

On the Lab Launcher. Task 1: Start the 6427A-NYC-DC1 virtual machine • On the Lab Launcher. select all. next to 6427A-NYC-WEB-D. 6. and then click Copy. Notice that the Web site files are now backed up to this shared folder. Log on to NYC-WEB2 as Woodgrovebank\Administrator with the password of Pa$$w0rd. . 2. right-click and then click Paste. click New | Folder. 8. Log on to NYC-WEB-D as Woodgrovebank\Administrator with the password of Pa$$w0rd. next to 6427A-NYC-DC1. 2. In the details pane. and config files to the E: drive 1. Task 2: Start the 6427A-NYC-WEB-D virtual machine and log on as Woodgrovebank\Administrator 1. click Launch. click Launch. Task 4: Backup the Web site.Lab Answer Key: Ensuring Web Site Availability with Web Farms 3 Note: If you have already logged on to a virtual machine. 2. and then browse to E:. Task 3: Start the 6427A-NYC-WEB2 virtual machine and log on as Woodgrovebank\Administrator 1. skip the logon task for that particular virtual machine. In the File menu. and then press Enter. Browse to \\NYC-WEB-D\E\Web Site Backup. 3. click Start | Computer. Type Web Site Backup. On the Lab Launcher. 4. next to 6427A-NYC-WEB2. On NYC-WEB-D. Browse to C:\inetpub\wwwroot. Browse to\\NYC-WEB-D\E\Web Site Backup. 7. click Launch. Web application. right-click. 5.

4 Lab Answer Key: Ensuring Web Site Availability with Web Farms Results: After this exercise. you should have successfully backed up a web site. .

Notice that the IIS 7. Browse to\\NYC-WEB-D\E\Web Site Backup. and then browse to C:\inetpub\wwwroot. On NYC-WEB2. 5. 8. and the aspnet_client folder. Task 1: Restore the Web site. Browse to the networked computer NYC-WEB-D. right-click and then click Paste. on the desktop. Do this by restoring the Web files to a second server and confirm that the second server functions properly. right-click and then click Copy.Lab Answer Key: Ensuring Web Site Availability with Web Farms 5 Exercise 2: Restoring an IIS Web Site Scenario The Enterprise Design Team has asked you to verify that the backups can be restored properly. click Start | Administrative Tools | Internet Information Services (IIS) Manager. Web application. Notice that the folder contains the two IIS 7. Click Start | Computer. 7. 11. In the Connections pane. 6. 2. and then click Default Web Site. iisstart. This exercise’s main task is: • Restore the Web site. Web application. click Browse *:80 (http). In the Actions pane. 9. Exercise Overview In this exercise.png. If the NYC-WEB-D computer is not displayed in the details pane. Browse to C:\inetpub\wwwroot.htm and welcome. . The Microsoft Internet Explorer window opens. Click the notice bar. select all. expand NYC-WEB2 | Sites. 4. and config files from the shared drive. and config files from the shared drive 1.0 default Web site files.0 default page is displayed. 3. students will learn how to restore a Web site. network discovery may be turned off. In the details pane. 10. and then click Turn on network discovery and file sharing.

6 Lab Answer Key: Ensuring Web Site Availability with Web Farms 12. If a Copy File dialog box appears. the default file default. Results: After this exercise.aspx superseded the file iisstart. click Yes. .htm. indicating that you are about to overwrite any files or folders. Notice that the new Web site files are now copied to this location.0 default Web site? Answer: After the Woodgrove Bank Web site files were copied to the second Web server. Question: What process on the Web server led to the Woodgrove Bank Web site being displayed instead of the IIS 7. click the Refresh button. 14. 16. indicating that you are about to overwrite a folder. If a Confirm Folder Replace dialog box appears. Notice that the Woodgrove Bank Web site has been deployed on the second Web server. click Copy and Replace. In Internet Explorer. 13. 15. you should have successfully restored a web site to a second server.

in the Management section. Task 1: Export and Enable Shared Configuration 1. Click OK. The Export Configuration dialog box appears. Exercise Overview In this exercise. 3. In the Physical path field. type Pa$$w0rd. 11. 4. . The Export Configuration dialog box appears indicating that the files were exported successfully. allowing you to export the local configuration files. settings. and encryption keys. In the Password and Confirm password fields. click Export Configuration. 9. In the Physical Path field. click NYC-WEB-D. Click OK. In the Actions pane. In the User name field. 6. type Pa$$w0rd. type \\NYC-WEB-D\E. 10. double-click Shared Configuration. students will learn how to enable shared configuration. In the details pane. In the Encryption keys password and Confirm password fields. 2. click Start | Administrative Tools | Internet Information Services (IIS) Manager. Test the Shared Configuration. select Enable shared configuration. type \\NYC-WEB-D\E. 12. 5. type Woodgrovebank\Administrator. Export and Enable Shared Configuration. implement shared configurations for them. In the Connections pane. Add the second Web server to use the Shared Configuration. In the details pane. 3. 7. This exercise’s main tasks are: 1. 8.Lab Answer Key: Ensuring Web Site Availability with Web Farms 7 Exercise 3: Enabling Shared Configurations Scenario The next step is for increasing Web site availability. Now that you have two identically configured Web servers. 2. On NYC-WEB-D.

click Start. In the User name field. 7. In the Enter encryption key password field. 2. double-click Shared Configuration. Click Start | Administrative Tools Internet Information Services (IIS) Manager. In the Enter encryption key password field. type Pa$$w0rd. In the Connections pane. 17. Click OK. click Apply. in the Connections pane. The Shared Configuration dialog box appears. 15. 21. in the Management section. Select Enable shared configuration. Click OK. type Pa$$w0rd. 6. The Shared Configuration dialog box appears. 19. click NYC-WEB-D. 9. indicating that the current encryption keys were backed up. The Encryption Keys Password dialog box appears. In the details pane. 4. In the Actions pane. Click OK. In the Password and Confirm password fields. indicating that IIS Manager and Management service must be restarted for these changes to be completed. In the Physical Path field. click NYC-WEB2. double-click Management Service. In the Actions pane. The Encryption Keys Password dialog box appears for you to enter the encryption key. type \\NYC-WEB-D\E. click Apply. 3. Close Internet Information Services (IIS) Manager. 22. type Pa$$w0rd. In the details pane. 16.8 Lab Answer Key: Ensuring Web Site Availability with Web Farms 13. Click OK. . In the Actions pane. On NYC-WEB2. 20. 18. Task 2: Add the second Web server to use the Shared Configuration 1. type Woodgrovebank\Administrator. 8. in the Management section. 14. 5. in Internet Information Services (IIS) Manager.

indicating that IIS Manager and Management service must be restarted for these changes to be completed. in the Management section. 16.Lab Answer Key: Ensuring Web Site Availability with Web Farms 9 10. click Start. 13. In the Connections pane. 15. 14. . In the Actions pane. Click Start | Administrative Tools | Internet Information Services (IIS) Manager. The Shared Configuration dialog box appears. Close Internet Information Services (IIS) Manager. Click OK. In the details pane. indicating that the current encryption keys were backed up. Click OK. click NYC-WEB2. double-click Management Service. 12. 11. The Shared Configuration dialog box appears.

double-click Default Document. in Internet Information Services (IIS) Manager.html has been added to the top of the list for the second Web server as well. in the Connections pane. you should have successfully configured a two-server network with an underlying foundation of shared configurations. Notice that the default document test. The Add Default Document dialog box appears to allow us to add a default document to test the shared configuration. in Internet Information Services (IIS) Manager. in the IIS section. double-click Default Document. On NYC-WEB2. In the Actions pane. in the IIS section. Results: After this exercise.html and then click OK. 7. click NYC-WEB2. 4. Question: Why has the default document test. . 5. 2. In the Name field.html has been added to the top of the list for the second Web because both servers are using shared configuration. click Add.html has been added to the top of the list for the second Web server as well? Answer: The default document test. In the details pane.10 Lab Answer Key: Ensuring Web Site Availability with Web Farms Task 3: Test the Shared Configuration 1. in the Connections pane. On NYC-WEB-D. click NYC-WEB-D. 3. In the details pane. type test. 6.

5. students will ensure Web site availability by implementing Network Load Balancing.255. 3. type 255. 7. Make sure the Local Area Connection interface with Interface IP address 10.Lab Answer Key: Ensuring Web Site Availability with Web Farms 11 Exercise 4: Configuring Network Load Balancing Scenario With the two Web servers set up with Shared Configurations. This exercise’s main tasks are: 1.10.10. and then click Connect. In the console pane. 6. type 10. click Start | Administrative Tools | Network Load Balancing Manager.0. 2. Start the process by connecting to the Network Load Balance host computer. The New Clusters: Host Parameter page shows the dedicated IP addresses and the initial host state. 9. The New Clusters: Cluster IP Addresses page allows you to add cluster IP addresses that are shared by every member of the cluster. In the Add IPv4 address field. Click Next. 3. Add the second host to the Network Load Balancing cluster. In the Subnet mask field. Type NYC-WEB-D.0. allowing you to add IPv4 or IPv6 addresses to the cluster. Create a new Network Load Balancing cluster. configure Network Load Balancing to increase Web site availability. right-click Network Load Balancing Clusters and then click New Cluster.27. 4. and then click Next. 2. Verify Network Load Balancing using NLB commands. Make sure the newly added cluster IP address is highlighted. 4. Click Next. The Add IP Address dialog box appears.0. . In the Host field. and then click OK. Task 1: Create a new Network Load Balancing cluster 1. The New Cluster: Connect dialog box appears.0. Add the second server to the Network Load Balancing cluster. Exercise Overview In this exercise.21 is highlighted. On NYC-WEB-D. Click Add. 8.

3. Wait for the operation to complete before continuing.26 is highlighted. The New Clusters: Cluster Parameters page allows you to modify the operation mode of the cluster IP addresses. The Warning dialog box appears. Wait for the operation to complete before continuing. 5. type cluster. and then click Next.12 Lab Answer Key: Ensuring Web Site Availability with Web Farms 10. edit. In the Host field. edit. Type NYC-WEB2. right-click cluster. and then click Network Load Balancing Manager. Task 2: Add the second host to the Network Load Balancing cluster 1. Task 3: Add the second server to the Network Load Balancing cluster 1. 2. The Network Load Balancing Manager window opens and loads the current cluster. On NYC-WEB2. Task 4: Verify Network Load Balancing using NLB commands 1. 4. In the Full Internet name field. Click Finish. Click Finish. presenting a warning about running NLB in Unicast mode.woodgrovebank. .10.com and then click Add Host to Cluster. Make sure that the Priority (unique host identifier) is 2. Wait for the operation to complete before continuing.com. Click Start | Command Prompt. Click Next. Click Start.woodgrovebank. 12. Click Multicast. click Administrative Tools. and remove cluster IP address port rules. The Add Host to Cluster: Connect dialog box appears.0. 2. 13. and remove cluster IP address port rules. 11. and then click Next. Click OK. The New Clusters: Port Rules page allows you to add. Make sure the Local Area Connection interface with Interface IP address 10. The New Clusters: Host Parameter page shows the dedicated IP addresses and the initial host state. In the console pane. Add the second host computer. The New Clusters: Port Rules page allows you to add. and then click Connect.

10. Note: After you have completed the lab exercises closing the VM’s and selecting undo disk is not required for hosted labs. Type NLB query 10. Results: After this exercise. . Notice that the NLB command indicates that host 2 has entered a converging state with the cluster.27 and then press Enter. 6. On NYC-WEB-D. The results show very detailed information about the cluster and its current state. 4. Notice that the NLB command indicates that host 1 has entered a converging state with the cluster. you should have successfully configured network load balancing on a two-server network. 7. click Start | Command Prompt. Close each of the running virtual machines. 5.0.27 and then press Enter. 9. with an underlying foundation of shared configurations. Scroll to the top of the displayed information to examine the Configuration section.10. Click the Quit button to exit.Lab Answer Key: Ensuring Web Site Availability with Web Farms 13 2. 3. Type NLB query 10. Type NLB display and then press Enter. 8. Do not save changes so they are reset to default for the next lab.0.

Lab Answer Key: Troubleshooting IIS 7.0 Web Servers 1 Module 10 Lab Answer Key: Troubleshooting IIS 7.0 Web Servers Contents: Exercise 1: Troubleshooting Authentication Exercise 2: Troubleshooting Authorization Exercise 3: Troubleshooting Communication Exercise 4: Troubleshooting Configuration 2 5 8 10 .

NYC-WEB-E User Name: Woodgrovebank\Administrator Password: Pa$$w0rd Estimated time: 60 minutes Exercise 1: Troubleshooting Authentication Scenario You receive a service request asking to resolve a user issue. Start the 6427A-NYC-WEB-E virtual machine and log on as Woodgrovebank\Administrator. Reproduce the issue and examine the detailed error. 5. 3. Examine the log file.0 Web Servers Logon Information: • • • Virtual Machine: NYC-DC1. 4. The passwordprotected intranet site is accessed by domain users within the company.2 Lab Answer Key: Troubleshooting IIS 7. you will troubleshoot an authentication issue using IIS logs and detailed error messages. This exercise’s main tasks are: 1. 7. Using logs and detailed error messages. you must resolve the problem. 2. . Resolve the issue and test functionality. 6. Browse to http://localhost/salessupport. Start the 6427A-NYC-DC1 virtual machine and log on as Woodgrovebank\Administrator. but is not allowing access to anyone.0 Web Servers Lab: Troubleshooting IIS 7. Exercise Overview In this exercise. Enable Detailed Error Messages.

3. 3. Close Notepad. Browse to http://localhost/salessupport. 4. click Launch.Lab Answer Key: Troubleshooting IIS 7. Log on to NYC-WEB-E as Woodgrovebank\Administrator with the password of Pa$$w0rd. Task 4: Examine the log file 1. 2. On NYC-WEB-E. click Start | All Programs | Internet Explorer. 2. Notice that the status is 401 and substatus is 2. Log on to NYC-DC1 as Woodgrovebank\Administrator with the password of Pa$$w0rd. Task 5: Enable Detailed Error Messages 1.0 Web Servers 3 Note: If you have already logged on to a virtual machine. Double-click the most recent log file. Task 3: Browse to http://localhost/salessupport 1. On the Lab Launcher. 2. Click Start | Computer and then browse to C:\inetpub\logs\LogFiles\W3SVC1. The Notepad window opens. Notice the Server Error: 401 – Unauthorized message. . skip the logon task for that particular virtual machine. next to 6427A-NYC-DC1. next to 6427A-NYC-WEB-E. Task 1: Start the 6427A-NYC-DC1 virtual machine and log on as Woodgrovebank\Administrator 1. On the Lab Launcher. Click Start | Administrative Tools | Internet Information Services (IIS Manager). Scroll to the far right and examine the last entries in the log file. 2. click Launch. The Windows Internet Explorer window opens. Task 2: Start the 6427A-NYC-WEB-E virtual machine and log on as Woodgrovebank\Administrator 1.

Task 6: Reproduce the issue and examine the detailed error 1. 8. 4. Notice that you are prompted for credentials. and all other authentication methods are Disabled. . click Basic Authentication. in the IIS section. browse to http://localhost/salessupport. In Internet Explorer. The Edit Error Pages Settings dialog box appears. Notice the detailed error message reports HTTP Error 401. Results: After this exercise. In Internet Information Services (IIS) Manager. In the Connections pane. click SalesSupport. 4. type Yvonne. Close Internet Explorer. in the IIS section.2 . 10. Notice that all authentication methods are Disabled. 6. expand NYC-WEB-E | Sites | Default Web Site and then click SalesSupport. In the Actions pane. In the details pane. 9. In the details pane. click Edit Feature Settings. In the details pane. For User name. In the details pane. 3. and resolved the authentication issue. 5. you should have successfully examined the IIS log files. In the Actions pane. click Enable. 3. 5. enabled detailed error messages. 11. 7. double-click Authentication. Click Detailed errors for local requests and custom error pages for remote requests.0 Web Servers 2. Task 7: Resolve the issue and test functionality 1. For Password type Pa$$w0rd and then click OK. Notice the first cause is No authentication protocol (including anonymous) is selected in IIS. notice that Basic Authentication is Enabled. 3. Notice that the SalesSupport application now loads without error.Unauthorized. and then click OK. 2. Scroll down to Most likely causes. In Internet Explorer. double-click Error Pages. browse to http://localhost/salessupport. 2.4 Lab Answer Key: Troubleshooting IIS 7.

Task 1: Browse to http://localhost /salessupport2 1. In the Actions pane. You must reproduce the issue. 3. In the Connections pane. Reproduce the issue and examine the Failed Request Tracing log. This exercise’s main tasks are: 1. click Failed Request Tracing. Task 2: Enable Failed Request Tracing and add a rule to trace successful requests 1.Lab Answer Key: Troubleshooting IIS 7. Exercise Overview In this exercise. click Default Web Site. you will troubleshoot authorization using Failed Request Tracing. The Edit Web Site Failed Request Tracing Settings dialog box appears. in Internet Explorer. determine the cause. Enable Failed Request Tracing and add a rule to trace successful requests. . click SalesSupport2. and resolve the issue. In Internet Information Services (IIS) Manager. in the Connections pane. 4. 2.0 Web Servers 5 Exercise 2: Troubleshooting Authorization Scenario You receive another service request to secure another Web site where all users are able to view the content. Select Enable. Browse to http://localhost/salessupport2. 3. 4. Close Internet Explorer. browse to http://localhost/salessupport2. 2. and then click OK. On NYC-WEB-E. Notice that you are not prompted for credentials and the page loads without error. Resolve the issue and verify functionality. 3. 2.

9. type 200. 5. Scroll down and examine the lines that begin with AUTH_SUCCEEDED and USER_SET. 8. Under Status code(s). 2. . Question: Why do we use status code 200 for this issue? Answer: Status code 200 is used for a successful page load in IIS. If prompted to add the site to the Trusted sites zone. clear ASP and ISAPI Extension. In the details pane. In Internet Explorer. The Add Failed Request Tracing Rule dialog box appears. click Add twice and then click Close. Close Internet Explorer. Click the Compact View tab. Task 3: Reproduce the issue and examine the Failed Request Tracing log 1.6 Lab Answer Key: Troubleshooting IIS 7. in the IIS section. 10.xml. 4. 8. Since anonymous authentication happens successfully. 6. Notice that the authorized user is “”. users are not being prompted to enter credentials. Click Finish. Under Providers.0 Web Servers 5. In the Actions pane. In Windows Explorer. Since the page is loading without error. browse to http://localhost/SalesSupport2. and then click Next. click Add. 6. browse to c:\inetpub\logs\FailedReqLogFiles\W3SVC1. notice that Authentication is anonymous. Click Next. we must use the status code 200 to trace the issue. Leave ASPNET and WWW Server checked. 7. 7. Question: What did we learn from the Failed Request Tracing log? Answer: Anonymous users are being allowed to access the site. 3. double-click Failed Request Tracing Rules. Double-click fr000001. Under Request Summary.

0 Web Servers 7 Task 4: Resolve the issue and verify functionality 1. type Pa$$w0rd and then click OK. 6. Notice that both Anonymous Authentication and Basic Authentication are Enabled. 12. Click Anonymous Authentication. 14. in the IIS section. 15. 5. 17. For User name. In the details pane. double-click Authentication. 3. 9. In Internet Explorer. click Anonymous Users. Browse to http://localhost/salessupport2. In the Connections pane. in the Connections pane. click Disable. Click Yes. When prompted for credentials. In Internet Information Services (IIS) Manager.Lab Answer Key: Troubleshooting IIS 7. click SalesSupport2. The Confirm Remove dialog box appears. In the details pane. In the details pane. 8. Notice that you get a 401 – Unauthorized message. 16. in the IIS section. . double-click Authorization Rules. Results: After this exercise. 7. In the Actions pane. click Remove. For Password. 4. Notice that the SalesSupport2 application loads without error. you should have successfully enabled failed request tracing. type Yvonne. click SalesSupport2. In the Actions pane. 18. 10. 13. and resolved the authorization issue. 2. Close Internet Explorer and open it again to create a new session. Notice that Anonymous Users are Allowed. leave both fields blank and click OK three times. 11. Notice that you are prompted for credentials. browse to http://localhost/salessupport2. 19.

3. 2. Use Ping to verify communication with the Web server. 2. 4.8 Lab Answer Key: Troubleshooting IIS 7. Reproduce the issue. Click Start | Command Prompt. Task 1: Reproduce the issue 1. . Notice that the ping succeeds indicating that NYC-DC1 and NYC-WEB-E are communicating. 3.0 Web Servers Exercise 3: Troubleshooting Communication Scenario Users are reporting that a Web application is returning an error when they try to browse to it. Enable detailed errors and examine the detailed error. Exercise Overview In this exercise. 2. On NYC-DC1. 3. This exercise’s main tasks are: 1. Type ping NYC-WEB-E and then press Enter. Notice the 500 – Internal server error message. Task 2: Use Ping to verify communication with the Web server 1. The Windows Internet Explorer window opens. you will troubleshoot communication using tools. click Start | All Programs | Internet Explorer. Browse to http://nyc-webe/netapp/content. You must troubleshoot why the Web application cannot open the content. Correct the problem and verify functionality.

In Internet Explorer. Task 4: Correct the problem and verify functionality 1. Internet Information Services (IIS) Manager. in the IIS section. click Edit Feature Settings. Next to Config File. 5. 4. The Advanced Settings dialog box appears. Next to Config Error. 8. 3. click NYC-WEB-E. and resolved the error. double-click Error Pages. In the Actions pane.0 Web Servers 9 Task 3: Enable detailed errors and examine the detailed error 1. notice the message Cannot read configuration file because the network path is not found. 5. 7. 4. In the details pane. notice the path has nyc-weeb-e for the server name. in Internet Information Services (IIS) Manager. 2. . in the Connections pane. expand NetApp and then click Content. and then click OK. 3. enabled detailed error messages. Notice the 500. On NYC-WEB-E.19 error. you should used ping to verify communication. in the Connections pane. In the Physical Path field. click Advanced Settings. Notice that the IIS Welcome page appears and there is no error message. In the Actions pane. browse to http://localhost/netapp/content.Lab Answer Key: Troubleshooting IIS 7. Results: After this exercise. Click Detailed errors. 6. modify the path to read \\nyc-web-e\content. 2. and then click OK. browse to http://localhost/netapp/content. In Internet Explorer. The Edit Error Pages Settings dialog box appears.

10 Lab Answer Key: Troubleshooting IIS 7.4 – Not Found message. . Click Notepad. Task 1: Reproduce the issue and examine the detailed error message 1. Double-click web. in Internet Explorer. In Windows Explorer. 2.jpg. On the Windows dialog. Reproduce the issue and examine the detailed error message. In the Most likely causes section. This exercise’s main tasks are: 1.config file 1. you will troubleshoot configuration using detailed error messages. 2. 3. 2.config.0 Web Servers Exercise 4: Troubleshooting Configuration Scenario Users are reporting they receive multiple errors when trying to view JPG files that previously worked. browse to http://localhost/pics/logo. On NYC-WEB-E. and then click OK. Task 2: Examine and correct the web. You know that multiple people have the ability to modify this site including Web. 3. Verify functionality. and then click OK. browse to C:\Pics. 3. notice that the most likely cause is The file extension for the requested URL does not have a handler configured to process the request on the Web server.config and related files.config file. click Select a Program from a list of installed programs. Exercise Overview In this exercise. Examine and correct the web. Notice the HTTP Error 404.

Notice that the Woodgrove Bank logo now appears successfully. Task 3: Verify functionality 1. 3. Modify the line so that the path attribute correctly reads “*. and resolved the error.jgp”. 2. browse to http://localhost/pics/logo. 7.jpg. examined the detailed error message. 5.Lab Answer Key: Troubleshooting IIS 7. 6. Notice that the path attribute is set to “*. Click the Quit button to exit. Results: After this exercise. In Internet Explorer. Do not save changes so they are reset to default for the next lab. click Save. Close Notepad. . Close each of the running virtual machines.0 Web Servers 11 4. Note: After you have completed the lab exercises closing the VM’s and selecting undo disk is not required for hosted labs. you should have reproduced the problem.jpg”. On the File menu. Notice that the <handlers> section contains a line for handling static files. The Notepad window opens.

Master your semester with Scribd & The New York Times

Special offer for students: Only $4.99/month.

Master your semester with Scribd & The New York Times

Cancel anytime.