Microsoft Windows Server 2003 Deployment Kit—Deploying Microsoft Internet Information Services (IIS) 6.0 [Electronic resources] (text version)

Microsoft Corporation

Performing the Upgrade

Before upgrading your existing server to Windows Server 2003 and IIS 6.0, you must back up the server, verify that clients are not accessing Web sites on the server, and optionally prevent the WWW service from being disabled. Then upgrade the Web server to Windows Server 2003 and IIS 6.0. Finally, verify that the upgrade to Windows Server 2003 completed successfully.

Figure 5.3 illustrates the process for upgrading an IIS server to IIS 6.0.


Figure 5.3: Performing the Upgrade



Backing Up the Server


Before you change any of the configuration settings on the existing Web server, perform a complete image backup. The purpose of this image backup is to provide a point-in-time snapshot of the Web server. If unforeseen problems occur during the upgrade, you can use this backup to restore the Web server to a known configuration.





Important

Do not continue with the upgrade process unless you have a successful backup of the entire Web server or you have another Web server that has the same Web sites and applications. Otherwise, you can lose Web sites, applications, or data stored on the Web server.


For more information about how to back up the Web server, see "Back Up and Restore the Web Server to a File or Tape" in "IIS Deployment Procedures" in this book.


Verifying That Clients Are Not Accessing Web Sites


Before you upgrade the existing server, ensure that no active client sessions are running. Upgrading the server without doing this can result in abnormally terminated client processes and a loss of information.

Verify that clients are no longer accessing Web or File Transfer Protocol (FTP) sites by completing the following steps:



1. Prevent new clients from accessing the sites by pausing the sites.

   For more information about how to pause Web or FTP sites, see "Pause Web or FTP Sites" in "IIS Deployment Procedures" in this book.

2. Enable monitoring of active Web and FTP connections.

   For more information about how to monitor the active Web and FTP connections, see "Monitor Active Web and FTP Connections" in "IIS Deployment Procedures" in this book.

3. When the number of active Web and FTP counters is zero, disable the network adapter that clients use to access the Web server.

   For more information about how to disable the network adapter used by clients, see "Disable Network Adapters" in "IIS Deployment Procedures" in this book.





Preventing the WWW Service from Being Disabled


Earlier in the deployment process, you selected the method for enabling the WWW service after upgrading from a server running Windows 2000 Server and IIS 5.0. If you decided to prevent the WWW service from being disabled after completion of the upgrade, you must do one of the following:



- Modify the registry or unattended setup script.
- Run the IIS Lockdown Tool.







Note

If you are upgrading a Web server running Windows NT Server 4.0 and IIS 4.0, you do not need to run the IIS Lockdown Tool before upgrade.



Modifying the Registry or Unattended Setup Script


Prevent the WWW service from being disabled during upgrade by doing one of the following:



- Create the registry entry do_not_disable in the subkey HKLM\SYSTEM\CurrentControlSet\Services\W3SVC\RetainW3SVCStatus as data type REG_DWORD with a value of 0x1. For more information about how to configure the registry, see "Configure the Registry" in "IIS Deployment Procedures" in this book.





Caution

Do not edit the registry unless you have no alternative. The registry editor bypasses standard safeguards, allowing settings that can damage your system, or even require you to reinstall Windows. If you must edit the registry, back it up first and see the Registry Reference on the Microsoft Windows Server 2003 Deployment Kit companion CD or on the Web at [http://www.microsoft.com/reskit].




- Include the entry "DisableWebServiceOnUpgrade = False" in the [InternetServer] section in an unattended installation script.





Running the IIS Lockdown Tool


The IIS Lockdown Tool is designed to help secure earlier versions of IIS by doing the following:



- Preventing the WWW service from being disabled after upgrade on Web servers that are currently running Windows 2000 Server and IIS 5.0. Disabling the WWW service prevents any Web sites or applications from functioning.
- Helping to secure the existing Web server by disabling or removing unnecessary features that are present in IIS 4.0 and IIS 5.0 installations. These features would otherwise remain on the Web server after upgrading, leaving it vulnerable to attacks.



The IIS Lockdown Tool works by turning off unnecessary features, thereby reducing the attack surface that is available to malicious users. To provide multiple layers of protection for an in-depth defense against potential attackers, the IIS Lockdown Tool includes UrlScan and customized security templates based on supported server roles.





Note

The WWW service is enabled after the upgrade process is complete on servers running IIS 4.0 because IIS is installed by default in Windows 2000 Server.


Custom Server Configurations with the IIS Lockdown Tool


The IIS Lockdown Tool secures the existing IIS server by performing one or more of the following user-specified transactions:



- Enabling or disabling IIS services such as the WWW service, the FTP service, or the Simple Mail Transfer Protocol (SMTP) service
- Removing services that are disabled
- Disabling active Active Server Pages (ASP) applications on the server
- Disabling optional components, including:
  - Index Server Web interface
  - Server-side includes (SSI)
  - Internet Data Connector (IDC)
  - Internet printing
  - HTR scripting
  - WebDAV
- Disabling anonymous user access to the server by denying:
  - Execute permissions on the operating system executables and DLLs
  - Write permissions on all Web site content directories
- Removing unnecessary virtual directories, including:
  - IIS Samples
  - Scripts
  - Microsoft Data Access Components (MDAC)
  - IIS Admin
- Installing UrlScan







Tip

The IIS Lockdown Tool helps secure IIS. However, to maintain IIS security, install all available security patches and hotfixes to help protect against known security vulnerabilities.


Server Roles in the IIS Lockdown Tool


Depending upon the applications that you are hosting and the software that you are using on the existing IIS server, select the server role that most closely corresponds to the server you are upgrading. The IIS Lockdown Tool uses the specified server role to determine the appropriate actions to configure the existing IIS server.

Regardless of the server role selected, UrlScan is not required for the purposes of upgrade. UrlScan can be installed by using the IIS Lockdown Tool or separately. For more information about determining whether you need to run UrlScan after upgrade, see "Determining Whether to Run the IIS Lockdown Tool and UrlScan" later in this chapter.

The server roles that are included in the IIS Lockdown Tool include the following:



- Small Business Server for Windows NT Server 4.0
- Small Business Server 2000
- Exchange Server 5.5
- Exchange Server 2000
- Microsoft SharePoint™ Portal Server
- FrontPage Server Extensions
- SharePoint Team Services
- BizTalk Server 2000
- Commerce Server 2000
- Proxy Server
- Static Web server
- Dynamic Web server (ASP-enabled)
- Server that does not require IIS
- Other (a server that does not match any of the roles in this list)



Each of the server roles in the IIS Lockdown Tool secures the Web server by performing a different combination of the security configuration changes listed earlier. For example, if you select the Exchange Server 2000 (OWA, PF Management, IM, SMTP, NNTP) server role, then FTP is disabled, and SMTP and NNTP are enabled. However, if you select the SharePoint Portal Server server role, then FTP, SMTP, and NNTP are disabled. To determine the configuration performed by each server role, review the contents of the IisLockd.ini file in the same folder that contains the IIS Lockdown Tool.

After running the IIS Lockdown Tool, thoroughly test the server before upgrading to ensure that your Web sites and applications function as they did before. If you find that the configuration settings adversely affect your applications, run the IIS Lockdown Tool again to undo the changes that were made. If you are uncertain whether the IIS Lockdown Tool has been run on the server, you can run the tool again without adversely affecting the system.





Tip

When the IIS Lockdown Tool locks down a server, it creates a log file named Oblt-log.log and saves it in the folder that contains IISLockd.exe. This file contains information about every action the IIS Lockdown Tool implemented on the system.


Administrators can run the IIS Lockdown Tool unattended, allowing consistent configuration across many servers through unattended scripts. For more information about running the IIS Lockdown Tool unattended, see RunLockdUnattended.doc, which is located in the folder that contains the files for the IIS Lockdown Tool.

To download the latest version of the IIS Lockdown Tool, see the IIS Lockdown Tool link on the Web Resources page at [http://www.microsoft.com/windows/reskits/webresources].


Upgrading the Server to IIS 6.0


The upgrade process from IIS 4.0 or IIS 5.0 to IIS 6.0 completes with minimal interaction because the majority of the IIS 4.0 or IIS 5.0 settings are retained. After the upgrade is complete, the Web sites and applications typically function as they did before the upgrade.

The upgrade process runs a number of compatibility tests before actually performing the upgrade. The compatibility tests relate directly to IIS 6.0 and determine the following:



- Whether the system volume for the server is formatted with the NTFS file system
- Whether the IIS Lockdown Tool has been run on the server
- Whether the existing server is currently a node in a Microsoft server cluster




A dialog in the Windows Server 2003 upgrade notifies you if any potential compatibility issues exist. After reviewing the potential compatibility issues, you can abort the upgrade process and resolve the compatibility issues, or you can continue the process. None of the compatibility issues prevent the upgrade process from completing.


Verifying That the Operating System Upgrade Was Successful


In most cases, the upgrade process completes without any difficulties. However, before continuing with the upgrade process, verify that the operating system was upgraded successfully by completing the following steps:

1. Open systemroot\Setuperr.log in Notepad and search for "IIS" to determine if any IIS-related errors occurred.

   During the upgrade process, the Windows Server 2003 upgrade creates an error log file (Setuperr.log) for the entire Windows Server 2003 operating system that records any errors encountered during upgrade. In addition to resolving any IIS-related problems encountered during upgrade, resolve any other upgrade problems listed in Setuperr.log before continuing with the upgrade process.

2. If you find any IIS-related errors, open systemroot\Iis6.log in Notepad and search the log file for "fail" to determine the source of the errors.

   During the upgrade of the IIS components, the Windows Server 2003 upgrade creates an IIS-specific log file, Iis6.log, in the systemroot folder that records any IIS-specific errors encountered during upgrade. Iis6.log entries with the word "fail" reflect problems encountered during the upgrade process. Review Iis6.log and resolve the problems encountered during upgrade before continuing further in the upgrade process.

   Resolve any operating system upgrade-related problems before continuing further in the upgrade process. Subsequent steps in the upgrade process, such as moving the applications to worker process isolation mode, are dependent upon these issues being resolved.
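
The two log checks above can be scripted when the logs from several upgraded servers have to be reviewed; the following is an added example, not part of the Deployment Kit. The function names are hypothetical, the log paths are passed in by the caller, and the sample log lines are constructed rather than real Setup output.

```python
import re
import tempfile
from pathlib import Path


def read_log(path):
    """Decode a log saved as UTF-16 (BOM-marked) or as single-byte ANSI."""
    raw = Path(path).read_bytes()
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16")
    return raw.decode("cp1252", errors="replace")


def grep(text, word):
    """Case-insensitive search, like Notepad's Find: [(line_no, line), ...]."""
    rx = re.compile(re.escape(word), re.IGNORECASE)
    return [(n, ln.strip()) for n, ln in enumerate(text.splitlines(), 1)
            if rx.search(ln)]


def triage(setuperr, iis6):
    """Step 1: "IIS" hits in Setuperr.log. Step 2: "fail" hits in Iis6.log."""
    setup_text = read_log(setuperr)
    iis_hits = grep(setup_text, "IIS")
    # Non-IIS entries also have to be resolved before continuing.
    other = [(n, ln.strip()) for n, ln in enumerate(setup_text.splitlines(), 1)
             if ln.strip() and (n, ln.strip()) not in iis_hits]
    # Iis6.log is only consulted when step 1 found IIS-related errors.
    failures = grep(read_log(iis6), "fail") if iis_hits else []
    return {"iis_errors": iis_hits, "other_errors": other,
            "iis6_failures": failures, "clean": not (iis_hits or other)}


def demo():
    """Run the triage on constructed sample logs (not real Setup output)."""
    d = Path(tempfile.mkdtemp())
    (d / "Setuperr.log").write_bytes((
        "Error: (constructed) IIS component registration did not finish\r\n"
        "Error: (constructed) printer driver could not be migrated\r\n"
    ).encode("utf-16"))
    (d / "Iis6.log").write_bytes(
        b"[10:00:01] (constructed) iis_www: install start\r\n"
        b"[10:00:05] (constructed) W3SVC service start FAILED\r\n"
        b"[10:00:09] (constructed) metabase upgrade ok\r\n")
    return triage(d / "Setuperr.log", d / "Iis6.log")


if __name__ == "__main__":
    print(demo())
```

A result with `clean` set to `True` means Setuperr.log recorded nothing at all; any entry in `other_errors` still has to be resolved even when no IIS-related errors were found.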




Backing Up the IIS 6.0 Metabase


Metabase backups created with IIS 4.0 or IIS 5.0 cannot be restored on IIS 6.0. As a result, you cannot use any existing metabase backups of the Web server after the upgrade. After you have verified that IIS 6.0 hosts Web sites and applications as it did before the upgrade, back up the metabase before continuing with the upgrade process.

The remaining steps in the upgrade process focus on hosting the Web sites and applications in worker process isolation mode. Before changing the IIS configuration to worker process isolation mode, verify that you have a backup of the current IIS configuration by backing up the metabase.


In the event that an unforeseen problem occurs while you are configuring IIS 6.0 to run the applications in worker process isolation mode, you can restore the applications to a known operational state. This will provide a known starting place from which to retry the configuration of the server.

For information about how to back up the IIS 6.0 metabase, see "Back Up and Restore the IIS Metabase" in "IIS Deployment Procedures" in this book.





Note

Upon completion of the upgrade process, a backup of the IIS 6.0 metabase is automatically created. However, changes to the Web service extensions list are not reflected in that backup.

