Administration of an IIS 7.0 Web Server • Chapter 16 827 The syntax for creating a new application pool is the following: appcmd add apppool /name:appPoolName In the preceding case, appPoolName specifi es the name of your new application pool. By default, IIS adds application pools that run integrated managed pipeline mode and use .NET Framework version 2.0 for managed code execution. Otherwise, you can specify the .NET Framework version and managed code request-processing mode. To add an application pool to a Web server with different settings, use the following: appcmd add apppool /name:appPoolName /managedRuntimeVersion:dotNetVersion /managedPipelineMode:pipelineMode In this example, dotNetVersion equals the .NET Framework version the application pool runs. The possible options are v1.0, v1.1, v2.0, or blank for no managed code support. Lastly, we set the application pool to run in either IIS 7.0’s new pipelineMode as Integrated or the IIS 6.0 with ASP.NET mode called Classic. Enter the following command to create an application pool that does not run managed code and uses classic mode: appcmd add apppool /name:ClassicASPApp /managedRuntimeVersion: /managedPipelineMode:Classic Notice /managedRuntimeVersion: is followed by a blank (space). Managing Backups IIS 7.0 confi guration data stored in the administration.confi g, applicationHost.confi g, metabase.xml, and mbschema.xml fi les should be routinely backed up to provide quick and simple recovery to a known state or to recover from an unexpected loss. The metabase.xml and mbschema.xml fi les support IIS 6.0 compatibility and/or the FTP service and exist if one or both of these IIS features are selected. While the Web application and web.confi g fi les are normally under version control, the IIS 7.0 confi guration backup fi les could also be version controlled to aid deployment and to track changes. The AppCmd’s BACKUP statement allows you to easily manage server confi guration data by copying the current confi guration fi les to the specifi ed backup folder. To view BACKUP command syntax, execute: C:\Windows\System32\inetsrv>AppCmd Backup /? The syntax when using AppCmd and using the object Backup is the following: APPCMD (command) BACKUP <identifi er> <-parameter1:value1 > The supported verbs (or commands) include the following: List Lists existing confi guration backups Add Creates a confi guration backup Delete Deletes a confi guration backup Restore Restores a confi guration backup 828 Chapter 16 • Administration of an IIS 7.0 Web Server Creating a Backup To create an IIS confi guration backup in a subfolder named MyFirstBackup, execute the following: AppCmd Add Backup “MyFirstBackup” To create a backup folder named according to the current date and time, execute: AppCmd Add Backup This creates the folder, C:\Windows\System32\inetsrv\backup\20070325T191919\ into which the confi guration fi les are copied. Managing Existing Backups To List existing backups, execute: AppCmd List Backup To delete a backup named, MyFirstBackup, execute: AppCmd Delete Backup “MyFirstBackup” To restore a backup named, 20070325T191919, execute: AppCmd Restore Backup “20070325T191919” By default, Restore Backup stops IIS, overwrites the confi guration fi les, and completes by restarting IIS services. You can prevent the restart by adding /stop:false to the Restore Backup command. Otherwise, other IIS components will detect confi guration changes automatically without a restart. Making Confi guration Changes with AppCmd.exe AppCmd can quickly list your current, or default, confi guration for sections or section groups. It can fi nd unique information in the confi guration or go further, such as to modify the confi guration setting for a particular, granular setting. Furthermore, it can help migrating customers solve problems with their ASP.NET applications by migrating their applications over to IIS 7.0 for use in the new integrated mode. As you can see, the list is long but powerful and this section will demystify much of that by opening your world to all new horizons. Modifying Sections Using AppCmd.exe Sections and section groups play an important role in the IIS 7.0 confi guration as we have already learned. If you need to modify these confi guration settings you can easily do so using AppCmd. As with any usage of AppCmd.exe, you can view the syntax for modifying confi guration using AppCmd’s help for confi guration. To view confi guration object help, do the following: Appcmd confi g /? Administration of an IIS 7.0 Web Server • Chapter 16 829 The confi guration stack in IIS 7.0 is complex and because of this, AppCmd has an extensive list of verbs to support this complexity. AppCmd.exe is the Swiss army knife for the confi guration allowing just about any action capable of being performed against the confi guration stack. This is why it is important to quickly reference all of the verbs to familiarize you with them and their function. The following table will show the verbs and their description: Verb Description List Lists the current confi guration sections Set Writes the confi guration to the appropriate section Search Finds the confi guration paths where setting(s) are defi ned Lock Locks the confi guration section Unlock Unlocks the confi guration section Clear Clears the confi guration section Reset Clears the current confi guration and set to default values Migrate Migrates a legacy confi guration to IIS 7.0 In our case, we will start simply by listing confi guration sections’ settings and then follow up by modifying this same section to another value. SOME INDEPENDENT ADVICE The confi guration in IIS 7.0 is tightly tied to the IIS 7.0 schema. If you are unfamiliar with the confi guration section or attributes you desire to change, start with the IIS schema fi le. The IIS schema provides not only the element names but also their possible settings, such as strings, dwords, and so on. The IIS schema fi le is located in %windir%\system32\inetsrv\confi g\schema. To list the current settings for the confi guration section authentication, input the following: Appcmd list confi g /section:windowsAuthentication This will return you to the XML section information for the section you asked for based on its location. In our example, it will return the status for the section windowsAuthentication, as shown next: 830 Chapter 16 • Administration of an IIS 7.0 Web Server <system.webServer> <security> <authentication> <windowsAuthentication enabled=“false”> <providers> <add value=“Negotiate” /> <add value=“NTLM” /> </providers> </windowsAuthentication> </authentication> </security> </system.webServer> SOME INDEPENDENT ADVICE To successfully set section values, such as windowsAuthentication at a specifi c path like “Default Web Site/” requires delegation for that section to be enabled. By default, only four sections are unlocked on Windows Vista and they do not include the authentication section group. To unlock the entire group, or just the individual section (such as windowsAuthentication), you must change the allowOverride value in the confi guration. You can do this using any of the administration tools. To allow this example given, unlock this section using IIS Manager. You can do this by opening the Feature Delegation area at the server level and changing windowsAuthentication to Read \Write in the Actions pane. After your testing is done, it is suggested you then re-lock the section unless you have a specifi c business need justifying it to be open. To do so, simply change the feature to read-only and it will be locked again. In our case, we would like to enable Windows Authentication for the Default Web Site to support our Web application. Using AppCmd.exe, simply issue the following command: Appcmd set confi g “Default Web Site/” /section:windowsAuthentication /enabled:true This would effectively enable Windows Authentication for the Default Web Site. Modifying Attributes Using AppCmd.exe It becomes necessary to sometimes go lower than within a section and set a particular attribute. This is a low-level confi guration setting defi ning a particular section, such as authPersistSingleRequest for the windowsAuthentication section. Using AppCmd.exe, you can modify this value using the following syntax: Appcmd set confi g Administration of an IIS 7.0 Web Server • Chapter 16 831 Moving ASP.NET 2.0 Applications to IIS 7.0 Using AppCmd As mentioned earlier, AppCmd.exe provides a convenient method for helping users move to IIS 7.0’s new integrated mode. By default, ASP.NET confi guration typically had confi guration sections called httpModules and httpHandlers, while IIS used ScriptMaps and Isapi fi lters. The new integrated nature of IIS 7.0 with ASP.NET 2.0 combines these similar functioning features into a consolidated list called modules and handlers. In some situations, a developer might deploy their custom module or handler in their web.confi g in IIS 6.0 using the old section name (e.g., httpModules or httpHandlers). This will cause a failure when using IIS 7.0 if the application pool is running in integrated mode. To correct this, AppCmd.exe can fi nd use of these old section names and make the correct modifi cations to integrate them with IIS 7.0’s modules and handlers sections. To correct a problem with the ASP.NET confi guration for use in IIS 7.0 using AppCmd, do the following: Appcmd migrate confi g “Default Web Site/” /section:httpModules In this example, we would migrate for the root application for the Default Web Site any confi guration defi ned for httpModules to the IIS 7.0 confi guration section modules. This would allow an application to run in Integrated mode; otherwise, the confi guration itself would fail and require Classic mode. Viewing IIS 7.0 Runtime Data Using AppCmd Particular pieces of data aren’t stored, or persisted, in a fi le, yet are still very important to many system administrators. This data comes as part of IIS 7.0’s runtime information as well as the controls. You might, for example, be looking for the currently running sites on a particular server—no problem. On the other hand, you could be interested in shutting down a site for maintenance, yet not forcefully do so, and need to pause it. This data isn’t stored in a single fi le somewhere; nevertheless, it is there and very much real. In this section, we will help you understand how to effectively view, set, or change this volatile data stored in the W3SVC service. Viewing Currently Executing Requests with AppCmd As we learned earlier, IIS 7.0 comes with some powerful diagnostics features that the administration tools can take advantage. The fi rst nice functionality is the ability to review the currently executing requests occurring in an IIS worker process. This is exposed using the request object and has the following syntax: APPCMD list REQUESTS <identifi er> <-parameter1:value1 > The identifi er and parameter values will help you narrow down the command to locate the specifi c type of requests you want to see. To see all currently executing requests in all IIS application pools, enter the following: Appcmd list requests . modules and handlers. In some situations, a developer might deploy their custom module or handler in their web.confi g in IIS 6.0 using the old section name (e.g., httpModules or httpHandlers) mbschema.xml fi les support IIS 6.0 compatibility and/ or the FTP service and exist if one or both of these IIS features are selected. While the Web application and web.confi g fi les are normally under version. folder. To view BACKUP command syntax, execute: C:WindowsSystem32inetsrv>AppCmd Backup /? The syntax when using AppCmd and using the object Backup is the following: APPCMD (command) BACKUP <identifi