6427 a lab manual

8/9/2019 6427 a Lab Manual

1/170

8/9/2019 6427 a Lab Manual

2/170

Information in this document, including URL and other Internet Web site references, is subject to change without notice.

Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people,

places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain

name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright

laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be

reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic,

mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft

Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject

matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this

document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

The names of manufacturers, products, or URLs are provided for informational purposes only and Microsoft makes no

representations and warranties, either expressed, implied, or statutory, regarding these manufacturers or the use of the

products with any Microsoft technologies. The inclusion of a manufacturer or product does not imply endorsement of

Microsoft of the manufacturer or product. Links may be provided to third party sites. Such sites are not under the control of

Microsoft and Microsoft is not responsible for the contents of any linked site or any link contained in a linked site, or any

changes or updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission received from

any linked site. Microsoft is providing these links to you only as a convenience, and the inclusion of any link does not imply

endorsement of Microsoft of the site or the products contained therein.

© 2008Microsoft Corporation. All rights reserved.

Microsoft, and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/orother countries.

All other trademarks are property of their respective owners.

Product Number: 6427A

Part Number: X14-69082

Released: 12/2007

8/9/2019 6427 a Lab Manual

3/170

Lab Instructions: Configuring an Internet Information Services 7.0 Web Server 1

Module 1

Lab Instructions: Configuring an Internet InformationServices 7.0 Web Server

Contents:

Exercise 1: Installing IIS Using Role Manager 2

Exercise 2: Installing IIS Using Unattended Setup 4

Exercise 3: Installing IIS on Server Core from Command Line 5Exercise 4: Configuring IIS and Validating Functionality 6

8/9/2019 6427 a Lab Manual

4/170

2 Lab Instructions: Config ring an Internet Inf rmation Services 7. Web Server

ab: Co figuri g an II 7.0

E

S

Y

si

a

EIn

T

1.

2.

3.

T

•

T

•

T

•

•

xercise 1:

cenario

u receive a s

tes and Web

plication tha

ercise Ove this exercise,

is exercise’s

Start the 6

Turn on N

Install the

ask 1: Start

Start 6427

ask 2: Turn

Open Netnetworks.

ask 3: Instal

Use Server

Test functi

Installing

rvice request

pplications. O

needs to be

rviewyou will learn

ain tasks are:

27A-NYC-SV

twork Discov

eb server rol

the 6427A-

-NYC-SVR1,

on Network

ork and Sha

l the Web s

Manager to

nality by load

IIS Using

from the Ente

ne of the co

osted in IIS7.

how to install

1 virtual mac

ry.

e.

YC-SVR1 v

and log on as

Discovery

ring Center a

rver role

add the Web

ing http://lo

eb Ser er

Role Man ger

rprise Design

panies acquir

Team to prep

ed by Woodg

are three We

rove Bank has

servers to ho

a classic ASP

st Web

IIS 7.0 using ole Manager..

hine and log n as LocalAd in.

irtual machine and log on as Local dmin

LocalAdmin with the pass ord of Pa$$ 0rd.

nd turn on N

Server (IIS) r

alhost in the

twork Disco

le and ASP a

browser.

ery and File Sharing for all public

s a required s rvice.

http://localhost/http://localhost/http://localhost/

8/9/2019 6427 a Lab Manual

5/170


Results: After this exercise, you should have successfully verified that the Web Server (IIS) role isinstalled and loaded the IIS Welcome page in Internet Explorer.

8/9/2019 6427 a Lab Manual

6/170

4 Lab Instructions: Configuring an Internet Information Services 7.0 Web Server

Exercise 2: Installing IIS Using Unattended Setup

Scenario

Now you will set up the second IIS Web server to host the new ASP.NET application. You will install IIS by

creating an Unattend.XML file based on the example given on the student CD by modifying it to only

install the features needed. This will be an ASP.NET application server and will need to have all security,compression and caching features installed so that development can experiment with configuration.

Exercise Overview

In this exercise, you will learn how to install IIS using unattended setup.

This exercise’s main tasks are:

1. Start the 6427A-NYC-SVR3 virtual machine and log on as LocalAdmin.

2.

Turn on Network Discovery.

3.

Create the Unattend.XML file by copying the default XML file provided and removing unnecessary

features.

4. Install IIS using Pkgmgr with the Unattend.XML file and verify once completed.

Task 1: Start the 6427A-NYC-SVR3 virtual machine and log on as LocalAdmin

•

Start 6427A-NYC-SVR3, and log on as LocalAdmin with the password of Pa$$w0rd.

Task 2: Turn on Network Discovery

• Open Network and Sharing Center and turn on Network Discovery and File Sharing for all publicnetworks.

Task 3: Create the Unattend.XML file by copying the default XML file provided and

removing unnecessary features

1. Open E:\mod01\labfiles\unattend.xml in Notepad and delete the following lines:

2. Save the modified file to c:\unattend.xml.

Task 4: Install IIS using Pkgmgr with the Unattend.XML file and verify once completed

1.

Start /w pkgmgr /n:unattend.xml to install IIS.

2. Verify installation by using the command echo %errorlevel%.

3. Use Server Manager to verify that the Web server role is installed, and open http://localhost in the

browser.

Results: After this exercise, you should have successfully installed IIS using an unattend file andverified the IIS Welcome page.

http://localhost/http://localhost/

8/9/2019 6427 a Lab Manual

7/170


Exercise 3: Installing IIS on Server Core from Command Line

Scenario

The final server you will install is a Server Core Web server that will act primarily as a redirection server to

the ASP server.

Exercise OverviewIn this exercise, you will learn how to install IIS via the command line in a Server Core environment.


1.

Start the 6427A-NYC-SVR2 virtual machine and log on as Administrator.

2.

Disable the firewall.

3.

Install IIS from the command line.

Task 1: Start the 6427A-NYC-SVR2 virtual machine and log on as Administrator

• Start 6427A-NYC-SVR2, and log on as Administrator with the password of Pa$$w0rd.

Task 2: Disable the firewall

•

On NYC-SVR2, in the command prompt window, type netsh firewall set opmode disable and pressEnter.

Task 3: Install IIS from the command line

1. Type the following and then press Enter. Note that the feature names are case-sensitive:

Start /w pkgmgr /iu:IIS-WebServerRole;IIS-WebServer;IIS-CommonHttpFeatures;IIS-

StaticContent;IIS-DefaultDocument;IIS-HttpErrors;IIS-HttpRedirect;WAS-

WindowsActivationService;WAS-ProcessModel

• When the process completes, type echo %errorlevel%, and then press Enter.

2. On NYC-SVR1, in Internet Explorer, browse to http://nyc-svr2 to verify functionality.

Results: After this exercise, you should have successfully installed IIS on Microsoft® Server 2008 ServerCore from the command line and verified by loading the IIS Welcome page from another machinerunning Internet Explorer.

http://nyc-svr2/http://nyc-svr2/

8/9/2019 6427 a Lab Manual

8/170

6 Lab Instructions: Configuring an Internet Information Services 7.0 Web Server

Exercise 4: Configuring IIS and Validating Functionality

Scenario

With the three Web servers installed, configure each as necessary to perform its function.

Exercise OverviewIn this exercise, you will configure common IIS features and validate functionality.


1.

Configure NYC-SVR1 for ASP debugging, detailed error messages, HTTP compression and SMTP

Service.

2.

Configure NYC-SVR3 to trace server errors, enable directory browsing, enable windows authentication

and impersonation, configure UDDI, and enable dynamic output compression.

3.

Configure NYC-SVR2 to have no default documents, and redirect requests to NYC-SVR1.

Task 1: Configure NYC-SVR1 for ASP debugging, detailed error messages, and HTTP

compression

1.

On NYC-SVR1, in Internet Information Services (IIS) Manager, under ASP Compilation settings,

enable Client-side and Server-side debugging. Enable Send Errors to Browser.

• Under HTTP Response Headers, set Expire Web Content.

• Under Compression, enable Static Content Compression.

• Under Error Pages, enable Detailed error messages.

2. On NYC-SVR3, in Internet Explorer, browse to a page on NYC-SVR1 that does not exist, such as

http://nyc-svr1/default.asp to check error functionality.

Task 2: Configure NYC-SVR3 to trace server errors, enable directory browsing, enable

windows authentication and impersonation, configure UDDI, and enable dynamic

output compression and SMTP

1.

On NYC-SVR3, in Internet Information Services (IIS) Manager, under Failed Request Tracing,

enable Failed Request Tracing.

• Add a rule to trace status code 500 for critical errors.

2. Enable Directory Browsing, Windows Authentication, and ASP.NET Impersonation.

3.

In Server Manager, add the UDDI Services role and configure it to not require SSL.

4.

In IIS Manager, under Output Caching, add a cache rule for the aspx extension to enable User-

mode caching.

•

Under ASP.NET, configure SMTP email for email address [email protected],server name SMTP.WoodgroveBank.com.

5.

Test the configuration by browsing to http://localhost/uddi.

• Browse to http://localhost/aspnet_client and investigate the failed request log.

Task 3: Configure NYC-SVR2 to have no default documents, and redirect requests to

NYC-SVR1

1.

On NYC-SVR2, in the command prompt window, type

cd \windows\system32\inetsrv\config and then press Enter.

http://nyc-svr1/default.aspmailto:[email protected]://localhost/uddihttp://localhost/aspnet_clienthttp://localhost/aspnet_clienthttp://localhost/uddimailto:[email protected]://nyc-svr1/default.asp

8/9/2019 6427 a Lab Manual

9/170


• Type edit applicationHost.config and then press Enter.

•

Scroll down to (approximately line 169), and change"true" to "false".

•

Scroll down to (approximately line 246), and modify this lineto read:

2. On NYC-SVR3, in Internet Explorer, browse to http://nyc-svr2 to test the redirection.

Results: After this exercise, you should have successfully configured and verified the configuration ofthe three web servers.

http://nyc-svr2/http://nyc-svr2/

8/9/2019 6427 a Lab Manual

10/170

Lab instructions: Configuring IIS 7.0 Web Sites and Application Pools 1

Module 2

Lab instructions: Configuring IIS 7.0 Web Sites andApplication Pools

Contents:Exercise 1: Configuring Authentication Types 2

Exercise 2: Creating a Web Site and Web Application 4

Exercise 3: Creating an Application Pool 5

Exercise 4: Configuring an Existing Application Pool 6

8/9/2019 6427 a Lab Manual

11/170

8/9/2019 6427 a Lab Manual

12/170

Lab instructions: Configuring IIS 7.0 Web Sites and Application Pools 3

Task 3: Add Basic, Windows Integrated and Digest Security features to the IIS Role

•

Use Server Manager to add the Basic Authentication, Windows Authentication, and DigestAuthentication role services to the Web server role.

Task 4: Create a virtual directory named public

• Use Internet Information Services Manager to create a virtual directory named public pointing tothe physical directory c:\inetpub\public.

•

Copy the contents of c:\inetpub\wwwroot to c:\inetpub\public.

Task 5: Configure the public virtual directory for anonymous authentication

1.

Use Internet Information Services Manager to make sure that Anonymous Authentication is

enabled for Public.

2.

In Server Manager, enable the local Guest account, and allow Guest to log on locally.

3.

Use Switch User to logon as NYC-WEB-A\Guest with no password.

4.

Open http://localhost/public in the browser to verify that the local guest can browse to the public

directory.

5. Use Switch user to login as local administrator with password of Pa$$w0rd before continuing with

next exercise.

Results: After this exercise, you should have successfully verified that the Public directory is created. andloaded the IIS Welcome page in Internet Explorer with the Guest account.

http://localhost/publichttp://localhost/public

8/9/2019 6427 a Lab Manual

13/170

2 Lab instructions: Configuring IIS 7.0 Web Sites and Application Pools

Exercise 2: Creating a Web Site and Web Application

Scenario

Next you will create two web sites, and two web applications, in the employee and restricted virtual

directories, named Woodgrove and Exec respectively. Exec will be a .NET 3.0 application. You will also

delegate administrative access to ITAdmins_WoodgroveGG.

Exercise Overview

In this exercise, you will learn how to create web sites and applications.


1.

Create a site named Woodgrove.

2.

Copy the Woodgrove application to the appropriate directory.

3.

Add the .NET 3.0 Feature to the server.

4.

Delegate administrative access of Woodgrove to ITAdmins_WoodgroveGG.

Task 1: Create a site named Woodgrove

•

On NYC-WEB-A, in IIS Manager, add a Web site named Woodgrove and set its physical path toc:\inetpub\woodgrove, and its http port to 88.

Task 2: Copy the Woodgrove Application to the Appropriate Directory

•

Copy the Woodgrove application from e:\Mod02\Labfiles\Woodgrove to c:\inetpub\woodgrove.

Task 3: Add the .NET 3.0 Feature and ASP.NET to the server

• In Server Manager, add .NET 3.0 Framework and ASP.NET.

Task 4: Delegate administrative access of Woodgrove to ITAdmins_WoodgroveGG

• In IIS Manager, under Permissions, give Full Control to the security groupITAdmins_WoodgroveGG.

Results: After this exercise, you should have successfully installed .NET 3.0 Framework, ASP.NET, andcreated the Woodgrove site and copied its content.

8/9/2019 6427 a Lab Manual

14/170

8/9/2019 6427 a Lab Manual

15/170

8/9/2019 6427 a Lab Manual

16/170

8/9/2019 6427 a Lab Manual

17/170

Lab Instructions: Configuring IIS 7.0 Application Settings 1

Module 3

Lab Instructions: Configuring IIS 7.0 Application Settings

Contents:Exercise 1: Configuring ASP.NET 2

Exercise 2: Configuring ASP.NET Application Development Settings 4

Exercise 3: Configuring a Web Server to Host Multiple Applications withSeparate Application Pools 5

Exercise 4: Configuring ASP.NET Security 7

8/9/2019 6427 a Lab Manual

18/170

2 Lab Instructions: Config ring IIS 7.0 Application Settings

ab: Co figuri g IIS 7.

E

S

Y

t

w

p

leu

E

In

c

H

T

1.

2.

3.

4.

5.

6.

T

•

xercise 1:

cenario

u receive a s

add and con

ill be availabl

assword “sup

vel of securityser to contact

ercise Ove

this exercise,

oose and co

TTP errors.

is exercise’s

Start the 6

Start the 6

Add ASP.N

Create the

Configure

Configure

ask 1: Start

Start 6427

Configuri

rvice request

figure the AS

from the Int

ort” from thei

. If there is antheir district s

rview

you will learn

figure the ap

ain tasks are:

27A-NYC-DC

27A-NYC-WE

ET and Basic S

SalesSupport

asic Security

ustom error

the 6427A-

-NYC-DC1,

0 Appl cation Settings

g ASP.N T

from the Ente

.NET role serv

rnet and Sale

r client’s sites

error, the errales manager

rprise Design

ice, and Appli

s Associates w

to get contac

r message retfor login infor

Team to depl

cation Server

ill need to log

information

urned to themation.

y an applicat

role, on the

in with the u

or support. T

client browser

ion server. Yo

eb Server. Th

er name “sale

is requires a

should direct

need

server

s” and

edium

the

how to add t

ropriate auth

1 virtual mac

B-A virtual m

ecurity featur

pplication an

o allow acces

ages for 401.

YC-DC1 vi

nd log on as

e ASP.NET ro

entication mo

ine.

chine and lo

es to the IIS R

d copy the AS

s to authentic

spx for 401 e

rtual machi

LocalAdmin

le service and

del, and set u

on as Wood

le.

P.NET applica

ated Woodgr

rrors, and Oth

e and log

ith the pass

configure AS

p custom erro

.NET. You wil

r pages to ha

l

dle

rovebank\Administrator.

tion files.

vebank dom in users.

er_Errors.aspx for all other rrors.

n as Local dmin

ord of Pa$$ 0rd.

8/9/2019 6427 a Lab Manual

19/170


Task 2: Start the 6427A-NYC-WEB-A virtual machine and log on as

Woodgrovebank\Administrator

• Start 6427A-NYC-WEB-A, and log on as Administrator with the password of Pa$$w0rd.

Task 3: Add ASP.NET and Basic Security features to the IIS Role

•

On NYC-WEB-A, use Server Manager to add the ASP.NET and Basic Authentication role services.

Task 4: Create the SalesSupport application and copy the ASP.NET application files

1.

On NYC-WEB-A, use IIS Manager to add the SalesSupport application with a physical path of

c:\inetpub\wwwroot\SalesSupport.

2. Copy the application files from E:\Mod03\Labfiles\SalesSupport to

c:\inetpub\wwwroot\SalesSupport.

Task 5: Configure Basic Security to allow access to authenticated Woodgrovebank

domain users

1.

On NYC-WEB-A, use IIS Manager to disable Anonymous Authentication and enable Basic

Authentication for the domain and realm woodgrovebank .

2.

Browse to http://localhost/salessupport. Notice that you are prompted for credentials. Enter user

name yvonne with password Pa$$w0rd.

3. Close and reopen the browser, and then browse again to http://localhost/salessupport. Try logging

in with credentials that do not have a domain account, such as user name Bob with no password.

4. Close the browser before continuing to the next task.

Task 6: Configure custom error pages for 401.aspx for 401 errors, and Other_Errors.aspx

for all other errors

1. Copy the contents of E:\Mod03\Labfiles\WBErrors to c:\inetpub\custerr

\en-US.

2. In IIS Manager, edit the custom error for error 401 so that it redirects to 401.aspx. Edit the custom

error code for error 404 so that it redirects to Other_Erros.aspx. Note that you would repeat this forthe rest of the error codes if you were doing this in a real world situation.

3.

Open Internet Explorer and browse again to http://localhost/salessupport. Try logging in with

credentials that do not have a domain account, such as user name Bob with no password.

4.

If prompted, assign the site to the allowed list, and then note the custom 404 error.

Results: After this exercise, you should have successfully verified that the ASP.NET role service isinstalled, configured Basic authentication, and verified custom error pages in Internet Explorer.

http://localhost/salessupporthttp://localhost/salessupporthttp://localhost/salessupporthttp://localhost/salessupporthttp://localhost/salessupporthttp://localhost/salessupport

8/9/2019 6427 a Lab Manual

20/170

4 Lab Instructions: Configuring IIS 7.0 Application Settings

Exercise 2: Configuring ASP.NET Application Development Settings

Scenario

Next you will configure some test settings for the SalesSupport application. The Enterprise Design team is

planning on implementing a database to store the support resource data. You will need to enter the

provided connection string. You will also rename the cookie that the page uses to SalesSupport. Next youwill create a custom control for testing the new configuration. Finally, you will set some application

settings and then verify that the application can read them by loading the custom test page.

Exercise Overview

In this exercise, you will learn how to configure ASP.NET application development settings.


1.

Configure ASP.NET Connection Strings to connect to Resources.MDF.

2.

Configure ASP.NET Session State settings to rename the cookie to SalesSupport.

3. Add a custom control: Woodgrovebank.TestControls Version=1.0.0.0.

4. Add application settings at Site and Application levels.

Task 1: Configure ASP.NET Connection Strings to connect to Resources.MDF

•

On NYC-WEB-A, in IIS Manager, modify the Connection Strings for the SalesSupport applicationto use the following connection string as LocalResources:

datasource=.\SQLEXPRESS;AttachDbFileName=e:\mod03\labfiles\resources.mdf;IntegratedSecurit

y=True

Task 2: Configure ASP.NET Session State settings to rename the cookie to SalesSupport

•

Rename the Session State cookie name to SalesSupport_SessionID.

Task 3: Add a custom control: Woodgrovebank.TestControls Version=1.0.0.0• In IIS Manager, register a new custom control with the tag preface of Woodgrovebank . Set the

Namespace to TestControls and the Assembly to Version=1.0.0.0.

Task 4: Add application settings at site and application levels

1.

Open Internet Explorer and browse to http://localhost/salessupport

/test.aspx. Enter username yvonne and password Pa$$w0rd. Notice that the test application reports

that no application settings are defined.

2.

In IIS Manager, add an Application setting named DefaultLocation with the value "New York " to

the Default Web Site.

3. In Internet Explorer, refresh the page and compare the results.

4. In IIS Manager, note the inheritance setting for the Application Settings, Add another Application

setting named debug_mode with value "true".5.

In Internet Explorer, refresh the page and compare results. Close Internet Explorer before

continuing.

Results: After this exercise, you should have configured ASP.NET development settings and verified testpage functionality.

http://localhost/salessupport/test.aspxhttp://localhost/salessupport/test.aspxhttp://localhost/salessupport/test.aspxhttp://localhost/salessupport/test.aspx

8/9/2019 6427 a Lab Manual

21/170


Exercise 3: Configuring a Web Server to Host Multiple Applications withSeparate Application Pools

Scenario

You will now deploy the SalesSupport application to two new instances. Once instance will be a test

deployment with additional testing configuration. Another instance will be for the German division of

Woodgrove and will need to be set for German globalization settings. Additionally, you will disable the

debug mode for the production version of SalesSupport.

Exercise Overview

In this exercise, you will learn how to create an application pool.


1.

Create three application pools named SalesSupport, SalesSupport_De, and SalesSupport_Test.

2.

Create the applications SalesSupport_De and SalesSupport_Test.

3. Use XCopy to deploy the files from the SalesSupport directory to the SalesSupport_DE and

SalesSupport_Test directories.

4.

Assign the applications to the appropriate application pools.

5. Configure application pool recycling for unlimited requests.

6. Configure the SalesSupport_Test application pool to record recycled events.

7. Configure the SalesSupport .NET compilation debug setting to False.

8.

Configure the SalesSupport_De application globalization settings for Germany.

Task 1: Create three application pools named SalesSupport, SalesSupport_De, and

SalesSupport_Test

•

On NYC-WEB-A, in IIS Manager, add three application pools named SalesSupport,SalesSupport_De, and SalesSupport_Test.

Task 2: Create the applications SalesSupport_De and SalesSupport_Test

1.

In IIS Manager, create an application named SalesSupport_De with a physical path ofc:\inetpub\wwwroot\SalesSupport_De.

2.

Create an application named SalesSupport_Test with a physical path of

c:\inetpub\wwwroot\SalesSupport_Test.

Task 3: Use XCopy to deploy the files from the SalesSupport directory to the

SalesSupport_DE and SalesSupport_Test directories

• At the command prompt, change to the c:\inetpub\wwwroot directory and then use XCopy to copythe files and directory structure from SalesSupport to SalesSupport_De and SalesSupport_Test.

Task 4: Assign the applications to the appropriate application pools

1.

In IIS Manager, modify the SalesSupport, SalesSupport_De and SalesSuppot_Test to use their

correspondingly named application pools.

2. Disable anonymous authentication and enable basic authentication with the domain and realm of

woodgrovebank for both SalesSupport_De and SalesSupport_Test applications.

Task 5: Configure production application pool recycling for unlimited requests

• In IIS Manager, modify the SalesSupport and SalesSupport_De application pool recycling so thatthey do not recycle on regular intervals.

8/9/2019 6427 a Lab Manual

22/170

8/9/2019 6427 a Lab Manual

23/170


Exercise 4: Configuring ASP.NET Security

Scenario

Next, you will configure the machine key, .NET trust level, and File and Folder security.

Exercise OverviewIn this exercise, you will configure ASP.NET security settings.


1.

Set the machine key of SalesSupport_de.

2.

Configure the SalesSupport_Test site for medium trust level.

3.

Configure File and Folder security so that only ITAdmins_WoodgroveGG can access the Test.aspx

page on SalesSupport.

4.

Enable Tracing and Logging for the SalesSupport_Test site.

5.

Configure Request Filtering so that only ASPX requests are processed.

Task 1: Set the machine key of SalesSupport_de

•

On NYC-WEB-A, in IIS Manager, generate a new Machine Key for SalesSupport_De.

Task 2: Configure the SalesSupport_Test site for medium trust level

• In IIS Manager, set the .NET Trust Level to Medium for the application SalesSupport_Test.

Task 3: Configure File and Folder security so that only ITAdmins_WoodgroveGG can

access the Test.aspx page in SalesSupport

1.

In IIS Manager, modify the permissions of SalesSupport\test.aspx so that permissions are not

inherited and only ITAdmins_WoodgroveGG is allowed.

2.

In Internet Explorer, browse to http://localhost/salessupport/test.aspx and try to use the

credentials of yvonne as user name and password Pa$$w0rd.

3.

Refresh the page and log in with a user account that is a member of ITAdmins_WoodgroveGG, suchas user name Betsy and password Pa$$w0rd.

4.

Close Internet Explorer before continuing.

Task 4: Enable Tracing and Logging for the SalesSupport_Test site

1.

In IIS Manager, add all of the role services for Health and Diagnostics to the Web Server role.

2. In Notepad, open c:\inetpub\wwwroot\SalesSupport_Test\test.aspx.

a. Modify the first line to read:

b. Modify the fifth line to read:

Response.Write("This message should appear");

c.

Save the file and close Notepad.

3. In Internet Explorer, browse to http://localhost/salessupport_test

/test.aspx and use credentials of user name Betsy and password Pa$$w0rd if prompted.

4. Examine the page for trace messages and information. Close Internet Explorer.

http://localhost/salessupport/test.aspxhttp://localhost/salessupport_test/test.aspxhttp://localhost/salessupport_test/test.aspxhttp://localhost/salessupport_test/test.aspxhttp://localhost/salessupport_test/test.aspxhttp://localhost/salessupport/test.aspx

8/9/2019 6427 a Lab Manual

24/170

8/9/2019 6427 a Lab Manual

25/170

Lab Instructions: Configuring IIS 7.0 Modules 1

Module 4

Lab Instructions: Configuring IIS 7.0 Modules

Contents:Exercise 1: Configuring and Editing Native Modules 2

Exercise 2: Configuring and Editing Managed Modules 4

8/9/2019 6427 a Lab Manual

26/170

2 Lab Instructions: Config ring IIS 7.0 Modules

ab: Co figuri g and

E

S

Y

r

a

EIn

a

T

1.

2.

3.

4.

5.

6.

7.

T

•

T

•

xercise 1:

cenario

u received a

quired to inst

d vulnerabilit


d reduce the

e main tasks

Start the 6

Backup the

Examine th

Remove th

Validate th

Restore th

Validate th

ask 1: Start

Start 6427

ask 2: Back

Open com

Configuri

service reques

all, test, and r

y, you must r

rviewstudents will l

server footpri

for this exerci

27A-NYC-WE

current Web

e modules cu

e Default Doc

at the module

modules to t

at the module

the 6427A-

-NYC-WEB-

p the curre

and prompt

diting Modules

g and Editing Nati e Modul s

t from the ap

n an applicat

move the un

lication deve

ion on the sp

ecessary mo

lopment team

cified Web se

ules.

specifying th

rver. To reduc

e modules tha

e the server f

t are

otprint

modules froearn how to r

nt.

emove native a Web server to improve s curity

e are as follo s:

B-B virtual m chine and lo on as Administrator.

server config ration.

server.rently installed on the Web

ctory Listingment Modul and the Dire odule.

s have been r moved and test the new s rver configuration.

he Web serve configuratio .

s have been r stored and t st the server onfiguration.

YC-WEB-B virtual ma hine and log on as Ad inistrator

, and log on as Administr tor with the assword of Pa$$w0rd.

nt Web ser er configuration

and use appcmd to backup the server co figuration.

8/9/2019 6427 a Lab Manual

27/170


Task 3: Examine the modules currently installed on the Web server

•

Use the IIS Manager to examine the modules.

Task 4: Remove the Default Document Module and the Directory Listing Module

1.

Browse the default Web site.

2.

Use Notepad to edit the applicationHost.config.3. Delete the DefaultDocumentModule and the DirectoryListingModule entries from within the

tag.

4.

Delete the references to the DefaultDocumentModule and the DirectoryListingModule from

within the tag.

5. Delete the DefaultDocumentModule and the DirectoryListingModule entries from within the

tag.

Task 5: Validate that the modules have been removed and test the new server

configuration

1.

Use IIS Manager to validate that the removed modules entries are missing.

2. Use Internet Explorer to check the default Web site.

3.

Use Internet Explorer to retrieve the default Web page.

• Default Web pageURL: http://localhost/default.aspx

Task 6: Restore the modules to the Web server configuration

• Open command prompt and use appcmd to restore the server configuration.

Task 7: Validate that the modules have been restored and test the server configuration

• Open command prompt and use appcmd to backup the server configuration.

Results: After this exercise, you should have successfully removed native modules from a Web server, andthen confirmed that the server operates as expected

8/9/2019 6427 a Lab Manual

28/170

4 Lab Instructions: Configuring IIS 7.0 Modules

Exercise 2: Configuring and Editing Managed Modules

Scenario

To increase throughput, it has been determined that output caching would be beneficial on some of the

applications on the Web server. You need to make sure that the Output Cache module is installed and

configured as specified in the service request. The development team also requested the installation of anew Managed Module that provides an additional level of logging for their application.

Exercise Overview

In this exercise, students will learn how to add new managed modules to a Web server.

The main tasks for this exercise are as follows:

1. Install the logging managed module.

2.

Confirm the installation of the logging managed module.

3.

Test the Web site’s forms authentication page.

4. Examine the modules currently running on the Web server.

5. Remove the forms authentication managed module.

6.

Test the new configuration.

Task 1: Install the logging managed module

1.

Create a new folder:

• C:\inetpub\ logging_module\

2.

Copy files for logging_module Web site.

• Source: E:\Mod04\Labfiles\logging_module

• Destination: C:\inetpub\ logging_module\

3. Change the security for C:\inetpub\logging_module\logs to allow Users (NYC-WEB-B\Users).

4.

Use IIS Manager to add a new Web site:• Site name: logging_module

•

Physical path: C:\inetpub\logging_module

• Port: 8181

Task 2: Confirm the installation of the logging managed module

1.

Use Internet Explorer to view the logging_module Web site.

2. Load the Web site's second page.

3.

Use IIS Manager to examine the modules for the logging_module Web site.

4.

Examine the logs created by the logging_module Web site.

• Location: C:\inetpub\logging_module\logs

Task 3: Test the Web site’s forms authentication page

•

Use Internet Explorer to log into the default Web site and retrieve a confidential memo.

• Destination: Shared Documents

• Email: [email protected]

•

Password: Pa$$w0rd

mailto:[email protected]:[email protected]:[email protected]

8/9/2019 6427 a Lab Manual

29/170


• Memo: Woodgrove Confidential Memo

Task 4: Examine the modules currently running on the Web server

• Use IIS Manager to examine the OutputCache module.

Task 5: Remove the forms authentication managed module

•

Use IIS Manager to remove the FormsAuthentication module.

Task 6: Test the new configuration

• Attempt to view the Shared Documents folder again using Internet Explorer.

Results: After this exercise, you should have successfully added a managed module to the Web server.

8/9/2019 6427 a Lab Manual

30/170

Lab Instructions: Securing the IIS 7.0 Web Server and Web Sites 1

Module 5

Lab Instructions: Securing the IIS 7.0 Web Server and WebSites

Contents:Exercise 1: Configure a Secure Web Server 2

Exercise 2: Configure Authorization, Authentication, and Access 5

Exercise 3: Configure Logging 9

8/9/2019 6427 a Lab Manual

31/170

2 Lab Instructions: Securing the IIS 7.0 Web Server and Web Sites

ab: Securing I S 7.0

E

S

A

p

A

aH

T

1.

2.

3.

4.

5.

6.

7.

8.

9.

T

•

T

•

xercise 1:

cenario

dditional secu

rotect the We

dditional ISAP

thorized forerbert Dorner

e main tasks

Start the 6

Start the 6

Create a se

Block IP ad

Examine th

Install the .

Set ISAPI a

Set the rig

Test and v

ask 1: Start

Start 6427

ask 2: Start

Start 6427

Configur

rity measures

b server again

I and CGI rest

specific site..

for this exerci

27A-NYC-DC

27A-NYC-WE

lf-signed serv

dresses as spe

e current ISAP

NET Framewo

d CGI restrict

ts and permis

lidate the ne

the 6427A-

-NYC-DC1.

the 6427A-

-NYC-WEB-

eb Server an Web ites

a Secure Web Server

need to be p

st unauthoriz

t in place to

d access by s

rotect the W

ecific IP addr

b server. Thes

esses and do

e measures w

ains.

ill

rictions need

You must giv

e are as follo

1 virtual mac

B-B virtual m

r certificate f

cified in the s

I and CGI Res

rk 1.1.

ions to use AS

sions for Acti

configuratio

YC-DC1 vi

YC-WEB-B

, and log on

o be put into

separate acc

place. Then y

ss to the IT A

u are given a

dmin group a

list of accoun

nd the develo

ts

per,

s:

n as Administine and log o ator.

chine and lo on as Administrator.

r the Web server.

rvice request..

rictions.

P.NET version 1.1.

e Directory u ers.

n.

rtual machi e and log n as Administrator

virtual ma hine and log on as Ad inistrator

as Administr tor with the assword of Pa$$w0rd.

8/9/2019 6427 a Lab Manual

32/170


Task 3: Create a self-signed server certificate for the Web server

1. On NYC-WEB-B, open the IIS Manager.

2. Open Server Certificates.

3.

Create a Self-Signed Certificate:

• Friendly name: woodgrovebank

Task 4: Block IP addresses as specified in the Service Request

1. Using the IIS Manager, set IPv4 Address and Domain Restrictions.

2. Add a deny rule entry:

• Specific IPv4 address: 10.10.20.1

3.

Add a deny rule entry:

• IPv4 address: 10.10.10.0

•

Mask: 255.255.255.0

Task 5: Examine the current ISAPI and CGI Restrictions

•

Using the IIS Manager, examine the ISAPI and CGI Restrictions.

Task 6: Install the .NET Framework 1.1

1. Install the .NET Framework 1.1.

•

File location: E:\ Mod05\Labfiles

• Installer: dotnetfix.exe

2.

Install the .NET Framework 1.1 Service Pack 1.

• File location: E:\ Mod05\Labfiles

• Installer: NDP1.1sp1-KB867460-X86.exe

Task 7: Set ISAPI and CGI restrictions to use ASP.NET version 1.1

1.

Using the IIS Manager, set the ISAPI and CGI Restrictions.

2. Allow ASP.NET v1.1.4322.

Task 8: Set the rights and permissions for Active Directory users

•

Set the rights and permissions for Active Directory users.

• Folder: C:\inetpub\wwwroot\

• Location: WoodgroveBank.com

•

Object names to select: ITAdmins_WoodgroveGG

• Object names to select: Herbert

• Allow: Full control

Task 9: Test and validate the new configuration

• Validate the new configuration.

• Group or user names: ITAdmins_WoodgroveGG

•

Group or user names: Herbert Dorner

8/9/2019 6427 a Lab Manual

33/170

8/9/2019 6427 a Lab Manual

34/170


Exercise 2: Configure Authorization, Authentication, and Access

Scenario

Additional security measures need to be put in place to protect the Web server. An application is

protected with forms authentication, but it is discovered that some of the content can bypass forms

authentication and still be accessed, such as a jpg, by entering the direct URL path and file name. Youmust configure the protected content to use the managed forms authentication module.


1. Turn off the Web site cache for the shared documents folder.

2.

Sign into the Woodgrove Bank Web site and retrieve the confidential memo.

3.

Bypass the Web site forms authentication.

4. Modify the applicationHost.config file to handle forms authentication.

5. Reconfigure the authorization and authentication so that the protected content uses forms

authentication.

6.

Test and validate the Web site’s new configuration

Task 1: Turn off the Web site cache for the shared documents folder• Using the IIS Manager, add Custom HTTP Response Header.

• Name: Cache-Control

•

Value: no-cache

Task 2: Sign into the Woodgrove Bank Web site and retrieve the confidential memo

1.

Use Internet Explorer to log into the default Web site and retrieve a confidential memo.

•

Destination: Shared Documents


• Password: Pa$$w0rd

•

Memo: Woodgrove Confidential Memo

2.

Sign-out of the Web site.

Task 3: Bypass the Web site forms authentication

•

Use Internet Explorer to retrieve the Confidential Memo.

• Confidential Memo URL: http://localhost/docs/shared/Woodgrove_memo.jpg

Task 4: Modify the applicationHost.config to unlock the URL Authorization

section by changing the override mode default to allow

• Unlock URL Authorization in the applicationHost.config file:

•

File location: C:\windows\system32\inetsrv\config •

File name: applicationHost.config

• Section:

• Original code:

•

Replacement code:

mailto:[email protected]:[email protected]:[email protected]

8/9/2019 6427 a Lab Manual

35/170

6 Lab Instructions: Securing the IIS 7.0 Web Server and Web Sites

Task 5: Modify the applicationHost.config section to change the

Classic .NET application pool to Integrated mode• Change the Classic .NET application pool to Integrated mode in the applicationHost.config file:

• File location: C:\windows\system32\inetsrv\config

•


• Section:

• Original code:

•

Replacement code:

Task 6: Modify the applicationHost.config file to disable all other authentication types

except for anonymous

• Disable all other authentication types except for anonymous in the applicationHost.config file:


•


• Section:

• Append enabled="false" to:

•

clientCertificateMappingAuthentication

• digestAuthentication

• iisClientCertificateMappingAuthentication

•

windowsAuthentication

Task 7: Modify the applicationHost.config file to protect all content by removing the

managedHandler precondition from the section

•

Protect all content by removing the managedHandler precondition in the applicationHost.config file:


• File name: applicationHost.config

•

Section:

• Original code:

• Replacement code:

8/9/2019 6427 a Lab Manual

36/170


• Original code:

•

Replacement code:

Task 8: Reconfigure the authorization and authentication so that the protected content

uses forms authentication

1. Reconfigure authorization so that the protected content uses forms authentication in the Web.Config

file:

•

File location: C:\inetpub\wwwroot •

File name: Web.Config

• Section:

• Add the line , above the line

• Original code:

•

Replacement code:

2.

Using the IIS Manager, reconfigure authentication so that the protected content uses forms

authentication.

• Launch Authentication

•

Disable Anonymous Authentication

Task 9: Test and validate the Web site’s new configuration

1.

Use Internet Explorer to log into the default Web site and retrieve the confidential memo.

• Destination: Shared Documents


•

Password: Pa$$w0rd

• Memo: Woodgrove Confidential Memo

2.

Sign-out of the Web site.

3.

Use Internet Explorer and attempt to retrieve the Confidential Memo.

• Confidential Memo URL: http://localhost/docs/shared/Woodgrove_memo.jpg

mailto:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]

8/9/2019 6427 a Lab Manual

37/170

8/9/2019 6427 a Lab Manual

38/170


Exercise 3: Configure Logging

Scenario

Additional security measures need to be put in place to protect the Web server. You received a service

request to keep a log of all visitors to the Web server for the past 24 hours. You must enable and

configure logging and then test and verify the log.


1. Examine and configure logging options.

2. Test the logging operations.

Task 1: Examine and configure logging options

• Using the IIS Manager, set the logging options.

• Select: Use local time for file naming and rollover

Task 2: Test the logging operations

1.

Using Internet Explorer, refresh the Web site.2.

View the log file:

• Log file location: C:\ inetpub\logs\LogFiles\W3SVC1

Results: After examining the configuration of the Web server’s logging settings, the current log file wasexamined and proven to successfully track the Web server’s activity.

8/9/2019 6427 a Lab Manual

39/170

Lab Instructions: Configuring Delegation and Remote Administration 1

Module 6

Lab Instructions: Configuring Delegation and RemoteAdministration

Contents:Exercise 1: Configuring Remote Administration 2

Exercise 2: Configuring Delegated Administration 4

Exercise 3: Configuring Feature Delegation 7

8/9/2019 6427 a Lab Manual

40/170

2 Lab Instructions: Config ring Delegation and Remote Administration

ab: Codmini

figuritration

g Dele

gation

E

S

Y

t

Ab

t

Y

t

In

T

1.

2.

T1.

2.

3.

T

1.

xercise 1:

cenario

u need to be

st it by access

new site hasusiness owner

e other sites

u have been

eir site. You

this exercise

is exercise’s

Configure

Test NYC-

ask 1: Confi

Add the IIS

Configure

Credentials

Start the II

ask 2: Test

On NYC-D

Configuri

able to confi

ing the admin

een set up a. You will nee

osted on the

assigned a se

ust unlock th

you will practi

ain tasks are:

YC-WEB-B f

EB-B remote

gure NYC- Management

he IIS Manag

.

Managemen

YC-WEB-B

C1, add the II

g Remot

ure the serve

istration feat

d you have b to give the b

server.

vice request t

e error page f

ce configurin

r remote ad

administratio

EB-B for r role service t

ment service

t service.

remote ad

Managemen

and Remote

Administration

r remotely. Yo

res from a re

u must enabl

ote comput

remote admi

r.

nistration and then

een asked tousiness owne

elegate the a permission t

dministrationadminister t

of the site to teir site only,

heut not

foro allow all site

eature so that

owners to ad

it can be del

minister the e

gated.

rror messages

a Web server for remote administration.

inistration.

n.

mote admi istrationNYC-WEB- .

IIS Managerto accept both Windows Credentials and

inistration

t Console.

8/9/2019 6427 a Lab Manual

41/170

8/9/2019 6427 a Lab Manual

42/170

8/9/2019 6427 a Lab Manual

43/170

8/9/2019 6427 a Lab Manual

44/170

8/9/2019 6427 a Lab Manual

45/170

Lab Instructions: Configuring Delegation and Remote Administration 7

Exercise 3: Configuring Feature Delegation

Scenario

You need to be able to configure the server remotely. You must enable remote administration and then

test it by accessing the administration features from a remote computer.

A new site has been set up and you have been asked to delegate the administration of the site to the

business owner. You will need to give the business owner permission to administer their site only, but not

the other sites hosted on the server

You have been assigned a service request to allow all site owners to administer the error messages for

their site. You must unlock the error page feature so that it can be delegated.

In this exercise you will practice configuring delegated administration so that all site owners can

administer the error messages for their site.


1.

Configure feature delegation for the Human Resources and Sales sites.

2.

Test feature delegation for the Human Resources site.

Task 1: Configure feature delegation for the Human Resources and Sales sites

• On NYC-WEB-B, use feature delegation to set Error Pages to Read/Write.

Task 2: Test feature delegation for the Human Resources site

1.

On NYC-DC1, log in as woodgrovebank\herbert with a password of Pa$$w0rd.

2.

Use IIS Manager to connect to the HR site on NYC-WEB-B with the user name

[email protected].

3. Set a custom error page of /ErrorPages/custom404.htm for the 404 error page.

4.

Use Internet Explorer to open URL: http://hr.woodgrovebank.com/missingpage.htm

Results: After completing this exercise, you should have successfully configured the Human Resourcesand Sales sites so that the site owners can customize error pages for each site.

http://hr.woodgrovebank.com/missingpage.htmhttp://hr.woodgrovebank.com/missingpage.htmhttp://hr.woodgrovebank.com/missingpage.htm

8/9/2019 6427 a Lab Manual

46/170

Lab Instructions: Using Command-line and Scripting for IIS 7.0 Administration 1

Module 7

Lab Instructions: Using Command-line and Scripting for IIS7.0 Administration

Contents:Exercise 1: Manage IIS Web Sites with PowerShell 2

Exercise 2: Use Microsoft.Web.Administration 4

Exercise 3: Automate IIS Administration using Scripts 5

Exercise 4: Navigating IIS tasks using WMI and AppCmd 7

8/9/2019 6427 a Lab Manual

47/170

2 Lab Instructions: Using ommand-line and Scripting for IIS 7.0 A ministration

ab: Usidmini

ng Cotration

mand

line an

E

S

T

t

t

In

T

1.

2.

3.

4.

5.

6.

T

T

•

T

•

xercise 1:

cenario

e developme

at PowerShell

e Web servic

this exercise,

e main tasks

Start the 6

Use Power

Use Power

Stop the w

Start the w

List the Po

ask 1: Start

ask 2: Use P

Use the ge

ask 3: Use P

Use the ge

Manage II

nt team requi

l will correctly

.

you will learn

for this exerci

27A-NYC-WE

hell to identi

hell to identi

3svc service u

3svc service u

ershell.exe p

the 6427A-

owerShell t

-service cmd

owerShell t

-service -inc

S Web Sit

res additional

manage the s

how to use P

e are as follo

B-B virtual m

y all services.

y running ser

ing PowerSh

ing PowerSh

ocess using t

YC-WEB-B

identify al

let.

identify r

lude w* | sor

d Scrip ing fo IIS 7.0

es with P werShell

tools to mana

erver’s service

ge their Web

s and make s

sites. First you

re it can succ

need to mak

ssfully stop a

e sure

nd start

werShell to anage IIS 7.0..

s:

chine and lo on as Wood rovebank\Administrator.

ices that start with a "w".

ll.

ll.

e get-wmiobject cmdlet.

virtual ma hine and log on as Ad inistrator

l services

ces that stanning servi rt with a w

-object -pro erty status mdlet.

8/9/2019 6427 a Lab Manual

48/170


Task 4: Stop the w3svc service using PowerShell

•

Use the stop-service cmdlet.

• Use the get-service cmdlet to confirm.

Task 5: Start the w3svc service using PowerShell

•

Use the start-service cmdlet.

• Use the get-service cmdlet to confirm.

Task 6: List the Powershell.exe process using the get-wmiobject cmdlet

•

Use the Get-WmiObject -query "Select * From Win32_Process Where Name = 'powershell.exe'"cmdlet.

Results: After this exercise, you should have successfully identified, stopped and started services using

PowerShell.

8/9/2019 6427 a Lab Manual

49/170

8/9/2019 6427 a Lab Manual

50/170

8/9/2019 6427 a Lab Manual

51/170

6 Lab Instructions: Using Command-line and Scripting for IIS 7.0 Administration

2.

Type the following at the end of the profile script:

new-variable iissites –value (New-Object

Microsoft.Web.Administration.ServerManager).Sites –scope “global”new-variable iisapppools –value (New-Object

Microsoft.Web.Administration.ServerManager).ApplicationPools –scope “global”

update-typedata –append (join-path –path $PSHome –childPath “iis.types.ps1xml”)

3. At the PowerShell Command Prompt run $iissites.Find(“^Default*”).

Task 6: Review and run a script to create a Web site

1. The script is located in E:\Mod07\Labfiles\scripts\CreateWebsite

\CreateWebsite\CreateWebsite\Bin\Debug\CreateWebsite.exe.

2.

Copy the script to the C:\drive and run it from PowerShell.

Task 7: Use PowerShell script to verify site was created

• Use $iissites.Find to locate NewSite.

Results: After this exercise, you should have successfully created a Microsoft.PowerShell profile script.

You should have also used a saved script to list Web site. Finally, you should have successfully created asite named NewSite.

8/9/2019 6427 a Lab Manual

52/170


Exercise 4: Navigating IIS tasks using WMI and AppCmd

Scenario

You need to verify which tasks are running on the server. Use WMI and AppCmd to display the list of

running tasks.

In this exercise, students will use WMI and AppCmd for IIS administration.


1. Use AppCmd to identify tasks running on the Web server.

2. Use AppCmd to identify all running application pools.

3. Use AppCmd to recycle all running application pools.

4.

Move all applications in a site to NewAppPool apppool.

5.

Store configuration information to file, and then restore the configuration information.

6.

Use WMI to list the default Web site on the Web server.

Task 1: Use AppCmd to identify tasks running on the Web server

1.

Open a Command Prompt.2. Navigate to c:\windows\system32\inetsrv to run AppCmd.

Task 2: Use AppCmd to identify all running application pools

Task 3: Use AppCmd to recycle all running application pools

• Use this command: appcmd list apppool /xml | appcmd recyle apppool /in

Task 4: Move all applications in a site to NewAppPool apppool

•

Use this command: appcmd list app /site.name:"NewSite" /xml | appcmd set app /in /applicationPool:NewAppPool

Task 5: Store configuration information to file, and then restore the configurationinformation

• To store configuration information: appcmd list config “Default Web Site/” /section:caching /xml /config > config.xml

• To restore configuration information: appcmd set config “Default Web site/” /in < config.xml

Task 6: Use WMI to list the default Web site on the Web server

1. Using Notepad create a file named GetSite.vbs with the following code:

Set oIIS = GetObject("winmgmts:root\WebAdministration")

Set oSite = oIIS.Get("Site.Name='Default Web Site'")

WScript.Echo "Retrieved an instance of Site "WScript.Echo " Name: " & oSite.Name

WScript.Echo " ID: " & oSite.ID

2.

Open a Command Prompt and navigate to folder where GetSite.vbs is located

3.

Type cscript //h:cscript.

4. Run GetSite.vbs script.

8/9/2019 6427 a Lab Manual

53/170

8 Lab Instructions: Using Command-line and Scripting for IIS 7.0 Administration

Results: After this exercise, you should have successfully used AppCmd to recycle application pools,move application and store configuration information to a file. You should have also successfullyidentified the default Web site using WMI.

8/9/2019 6427 a Lab Manual

54/170

Lab Instructions: Tuning IIS 7.0 for Improved Performance 1

Module 8

Lab Instructions: Tuning IIS 7.0 for Improved Performance

Contents:Exercise 1: Deploying Applications 2

Exercise 2: Configuring IIS Performance Options 5

Exercise 3: Managing Application Pools to Improve Performance 6

8/9/2019 6427 a Lab Manual

55/170

2 Lab Instructions: Tuning IIS 7.0 for Improved Performance

ab: Tu ing IIS 7.0 for

E

S

Y

n

E

InX

T

1.

2.

3.

4.

5.

6.

7.

T•

T

•

xercise 1:

cenario

u receive a r

ew installation

ercise Ove

this exercise,copy.

is exercise’s

Start the 6

Start the 6

Add ASP.N

Create the

Deploy a s

Deploy the

Create and

ask 1: StartStart 6427

ask 2: Start

oodgrove

Start 6427

Deployin

quest to depl

so that the E

rview

students will l

ain tasks are:

27A-NYC-DC

27A-NYC-WE

ET and Dyna

SalesSupport

cond copy of

application u

assign an ap

the 6427A--NYC-DC1.

the 6427A-

ank\Admin

-NYC-WEB-

Impro ed Pe forma ce

Applications

oy a second c

terprise Desi

opy of an inst

n QA team c

alled applicati

n test the pr

on, and then

posed updat

eploy update

s.

s to the

earn how to deploy an application, as welll as application updates, wi h

1 virtual mac ine.

B-A virtual m chine and lo on as Wood rovebank\Administrator.

ic Content C mpression fe tures to the IIS Role.

pplication and copy the ASP.NET application files.

sSupport2 usithe SalesSup ort application named Sale g Xcopy.

ng Xcopy.pdates to SalesSupport2 usi

lication pool or SalesSupp rt2 and test f unctionality.

C1 virtual machine

YC-WEB-

istrator

virtual ma hine and log on as

, and log on as LocalAdmin with the password of Pa$$w0rd.

8/9/2019 6427 a Lab Manual

56/170

8/9/2019 6427 a Lab Manual

57/170


Exercise 2: Configuring IIS Performance Options

Scenario

Next you will configure performance options for the SalesSupport application. First, you will use

Performance Monitor to look at the current machine performance. Then you will configure and test

output caching, compression, and throttling.

Exercise Overview

In this exercise, students will learn how to configure IIS Performance Options.


1.

Use Performance Monitor to measure performance.

2.

Configure Output Caching.

3.

Configure Compression.

4.

Configure connection limit throttling.

Task 1: Use Performance Monitor to measure performance

1.

On NYC-WEB-A, open Performance Monitor.

2. Remove all counters, and then add the Web Service counters Bytes Sent/sec for all instances.

3. With Performance Monitor running, in Internet Explorer, browse to

http://localhost/salessupport/test.aspx.

4.

After the page loads, click refresh several times rapidly. Notice that the time is dynamically updated

with each refresh. Close Internet Explorer.

5. Examine the throughput in Performance Monitor.

Task 2: Configure Output Caching

1. In IIS Manager, add a cache rule to the SalesSupport application for the extension .aspx.

•

Select Kernel-mode caching.

•

Click At time intervals, and then delete the existing text and type 00:00:10.

2.

In Internet Explorer, browse to http://localhost/salessupport/test.aspx and click refresh several times

rapidly for at least 30 seconds. Notice how often the time is updated.

3. Browse to http://localhost/salessupport2/test.aspx, and then click refresh several times rapidly.

Notice that the time updates with each refresh.

4.

In Reliability and Performance Monitor, compare the graphs for the two pages. You may need to

zoom in to see the difference.

Task 3: Configure Compression

1. In Internet Explorer, browse to http://localhost. Click refresh several times rapidly.

2.

In Reliability and Performance Monitor examine the throughput.

3.

In IIS Manager, enable static content compression for the default web site.4.

In Internet Explorer, browse to http://localhost and click refresh several times rapidly.

5. In Reliability and Performance Monitor examine the throughput.

6. In Internet Explorer, browse to http://localhost/salessupport/test.aspx and click refresh several

times rapidly.

7.

In Reliability and Performance Monitor examine the throughput.

8.

In IIS Manager, enable dynamic content compression.

http://localhost/salessupport/test.aspxhttp://localhost/salessupport/test.aspxhttp://localhost/salessupport2/test.aspxhttp://localhost/http://localhost/http://localhost/salessupport/test.aspxhttp://localhost/salessupport/test.aspxhttp://localhost/http://localhost/http://localhost/salessupport2/test.aspxhttp://localhost/salessupport/test.aspxhttp://localhost/salessupport/test.aspx

8/9/2019 6427 a Lab Manual

58/170

Lab Instructions: Tuning IIS 7.0 for Improved Performance 5

9.

In Internet Explorer, browse to http://localhost/salessupport/test.aspx and click refresh several

times rapidly.

10. In Reliability and Performance Monitor examine the throughput and compare results.

Task 4: Configure connection limit throttling

1.

Open Internet Explorer and browse to http://localhost. Open two more tabs and browse to

http://localhost so that you have three tabs open to http://localhost. Right-click a tab and choose

Refresh All. Notice that all of the tabs refresh successfully. Close Internet Explorer.

2. In IIS Manager, set a Web Site Limit for the default web site so that the number of connections is

limited to 1.

3.

In Internet Explorer, open three tabs to http://localhost. Right-click a tab and choose Refresh All.

Notice that one of the tabs now reports an error.

4.


Results: After this exercise, you should have configured performance options and verified functionality.

http://localhost/salessupport/test.aspxhttp://localhost/http://localhost/http://localhost/http://localhost/http://localhost/http://localhost/http://localhost/http://localhost/http://localhost/salessupport/test.aspx

8/9/2019 6427 a Lab Manual

59/170


Exercise 3: Managing Application Pools to Improve Performance

Scenario

You will now modify the application pools to improve resource usage.

Exercise OverviewIn this exercise, students will learn how to manage application pools to improve performance.


1.

Use Reliability and Performance Monitor to measure resource usage.

2.

Recycle an application pool.

3.

Assign SalesSupport and SalesSupport2 to the same application pool.

Task 1: Use Reliability and Performance Monitor to measure resource usage

1. On NYC-WEB-A, open Internet Explorer and browse to http://localhost/salessupport. Open a

second tab, and browse to http://localhost/salessupport2.

2. Open Reliability and Performance Monitor. Examine the memory usage of w3wp.exe and the

number of instances.

Task 2: Recycle an application pool

1. In IIS Manager, recycle the SalesSupport2 application pool.

2. In Reliability and Performance Monitor, examine the memory and number of instances of

w3wp.exe and compare results.

3.


Task 3: Assign SalesSupport and SalesSupport2 to the same application pool

1.

In IIS Manager, modify the SalesSupport2 application to use the default application pool, and then

remove the SalesSupport2 application pool.

2.

Open Internet Explorer and browse to http://localhost/salessupport. Open a second tab andbrowse to http://localhost/salessupport2.

3.

In Reliability and Performance Monitor, examine the memory and number of instances of

w3wp.exe.

Results: After this exercise, you should have recycled and consolidated application pools, and verifiedresource usage with Reliability and Performance Monitor.

4.

es?

http://localhost/salessupporthttp://localhost/salessupport2http://localhost/salessupporthttp://localhost/salessupport2http://localhost/salessupport2http://localhost/salessupporthttp://localhost/salessupport2http://localhost/salessupport

8/9/2019 6427 a Lab Manual

60/170

Lab Instructions: Ensuring Web Site Availability with Web Farms 1

Module 9

Lab Instructions: Ensuring Web Site Availability with WebFarms

Contents:Exercise 1: Backing Up an IIS Web Site 2

Exercise 2: Restoring an IIS Web Site 4

Exercise 3: Enabling Shared Configurations 5

Exercise 4: Configuring Network Load Balancing 6

8/9/2019 6427 a Lab Manual

61/170

2 Lab Instructions: Ensuring Web Site Availability with Web Farms

ab: En uring eb Sit

E

S

T

y

T

1.2.

3.

4.

T

T

•

T

•

xercise 1:

cenario

e Enterprise

u begin, you

e main tasks

Start the 6 Start the 6

Start the 6

Backup the

ask 1: Start

ask 2: Start

oodgrove

Log on to

• User:

•

Passw

ask 3: Start

oodgrove

Log on to

• User:

• Passw

Backing

esign Team

will back up a

for this exerci

27A-NYC-DC27A-NYC-WE

27A-NYC-WE

Web site, We

the 6427A-

the 6427A-

ank\Admin

YC-WEB-D.

oodgroveb

rd: Pa$$w0r

the 6427A-

ank\Admin

YC-WEB2.

oodgroveb

rd: Pa$$w0r

Avail bility ith W b Far

p an IIS

as asked you

n existing site

e are as follo

1 virtual macB-D virtual m

B2 virtual ma

b application,

YC-DC1 vi

YC-WEB-

istrator

nk\Administ

YC-WEB2

istrator

nk\Administ

eb Site

to explore op

and verify th

s:

ine.achine and lo

hine and log

and config fil

rtual machi

virtual ma

rator

irtual mac

rator

tions for incre

t it can be res

on as Wood

on as Woodg

es to the E: dr

e

hine and l

ine and lo

asing Web sit

tored properl

grovebank\Ad

rovebank\Ad

ive.

g on as

on as

s

availability.

.

efore

ministrator.

inistrator.

8/9/2019 6427 a Lab Manual

62/170


Task 4: Backup the Web site, Web application, and config files to the E: drive

1. Create a new folder:

• E:\Web Site Backup

2. Copy the files:

•

Source: C:\inetpub\wwwroot

• Destination: \\NYC-WEB-D\E\Web Site Backup

Results: After this exercise, you should have successfully backed up a Web site. Provide the results ofthe exercise so students will know when and if they have completed the lab exercise successfully.

8/9/2019 6427 a Lab Manual

63/170


Exercise 2: Restoring an IIS Web Site

Scenario

The Enterprise Design Team has asked you to verify that the backups can be restored properly. Do this by

restoring the Web files to a second server and confirm that the second server functions properly.

The main task for this exercise is:

1.

Restore the Web site, Web application, and config files from the shared drive.

Task 1: Restore the Web site, Web application, and config files from the shared drive

1. Open the default Web site in Internet Explorer on NYC-WEB2.

2. Copy the files:

•

Source: \\NYC-WEB-D\E\Web Site Backup

• Destination C:\inetpub\wwwroot

3.

Refresh the default Web site in Internet Explorer on NYC-WEB2.

Results: After this exercise, you should have successfully restored a Web site to a second server. Providethe results of the exercise so students will know when and if they have completed the lab exercisesuccessfully.

8/9/2019 6427 a Lab Manual

64/170


Exercise 3: Enabling Shared Configurations

Scenario

The next step is for increasing Web site availability. Now that you have two identically configured Web

servers, implement shared configurations for them.


1.

Export and Enable Shared Configuration.

2. Add the second Web server to use the Shared Configuration.

3. Test the Shared Configuration.

Task 1: Export and Enable Shared Configuration

1. Export configuration using IIS Manager.

• Server: NYC-WEB-D

• Physical Path: \\NYC-WEB-D\E

• Encryption keys password: Pa$$w0rd

2.

Using IIS Manager, enable shared configuration.


• User name: Woodgrovebank\Administrator

•

Password: Pa$$w0rd

• Encryption key password: Pa$$w0rd

3.

Using IIS Manager, start Management Service.

Task 2: Add the second Web server to use the Shared Configuration.

1.

Using IIS Manager, enable shared configuration.

• Server: NYC-WEB2


• User name: Woodgrovebank\Administrator

• Password: Pa$$w0rd

• Encryption key password: Pa$$w0rd

2.

Using IIS Manager, start Management Service.

Task 3: Test the Shared Configuration.

1. Using IIS Manager, add the default document for NYC-WEB-D.

•

Server: NYC-WEB-D

• Name: test.html

2.

Using IIS Manager, check the default document for NYC-WEB2.

Results: After this exercise, you should have successfully configured a two-server network with anunderlying foundation of shared configurations.

8/9/2019 6427 a Lab Manual

65/170


Exercise 4: Configuring Network Load Balancing

Scenario

With the two Web servers set up with Shared Configurations, configure Network Load Balancing to

increase Web site availability.


1.

Create a new Network Load Balancing cluster.

2.

Add the second host to the Network Load Balancing cluster.

3. Add the second server to the Network Load Balancing cluster.

4. Verify Network Load Balancing using NLB commands.

Task 1: Create a new Network Load Balancing cluster

•

Using Network Load Balancing Manager, add a new cluster.


• Host: NYC-WEB-D

•

Interface IP address: 10.10.0.21 • Cluster IP Addresses, IPv4 address: 10.10.0.27

• Cluster IP Addresses, Subnet mask: 255.255.0.0

•

Full Internet name: cluster.woodgrovebank.com

Task 2: Add the second host to the Network Load Balancing cluster

• Using Network Load Balancing Manager, add the second host to the cluster.

• Host: NYC-WEB2

• Local Area Connection interface IP address: 10.10.0.26

• Priority (unique host identifier): 2

Task 3: Add the second server to the Network Load Balancing cluster

• Using Network Load Balancing Manager, add the second server to the cluster.


Task 4: Verify Network Load Balancing using NLB commands

1.

Using the Command Prompt, verify Network Load Balancing.


•

Command: NLB query 10.10.0.27

2.

Using the Command Prompt, verify Network Load Balancing.


• Command: NLB query 10.10.0.27

3. Using the Command Prompt, verify Network Load Balancing.


•

Command: NLB display

8/9/2019 6427 a Lab Manual

66/170


Results: After this exercise, you should have successfully restored a Web site to a second server. Providethe results of the exercise so students will know when and if they have completed the lab exercisesuccessfully.

8/9/2019 6427 a Lab Manual

67/170

Lab Instructions: Troubleshooting IIS 7.0 Web Servers 1

Module 10

Lab Instructions: Troubleshooting IIS 7.0 Web Servers

Contents:Exercise 1: Troubleshooting Authentication 2

Exercise 2: Troubleshooting Authorization 4

Exercise 3: Troubleshooting Communication 5

Exercise 4: Troubleshooting Configuration 6

8/9/2019 6427 a Lab Manual

68/170

2 Lab Instructions: Troubleshooting IIS 7.0 Web Servers

ab: Tr ublesh oting IIS 7.0

E

S

Y

a

d

EIn

T

1.

2.

3.

4.

5.

6.

7.

T

•

T

•

xercise 1:

cenario

u receive a s

cessed by do

etailed error


is exercise’s

Start the 6

Start the 6

Browse to

Examine th

Enable Det

Reproduce

Resolve th

ask 1: Startoodgrove

Start 6427

ask 2: Start

oodgrove

Start 6427

Troublesh

rvice request

main users wit

essages, you

rviewyou will trou

ain tasks are:

27A-NYC-DC

27A-NYC-WE

ttp://localhos

e log file.

ailed Error Me

the issue and

issue and tes

the 6427A-ank\Admin

-NYC-DC1 a

the 6427A-

ank\Admin

-NYC-WEB-

ooting A

asking to res

hin the comp

must resolve t

leshoot an au

1 virtual mac

B-E virtual m

t/salessuppor

ssages.

examine the

t functionality

YC-DC1 viistrator

nd log on as

YC-WEB-E

istrator

and log on

eb Servers

thenticat on

lve a user issu

any, but is not

he problem.

e. The passw

allowing acc

rd-protected

ss to anyone.

intranet site is

Using logs an

d

thentication i

ine and log o

chine and log

.

etailed error.

.

rtual machi

oodgroveb

virtual mac

s Woodgrov

sue using IIS logs and detailed error mes ages.

n as Woodgrovebank\Administrator.

on as Wood rovebank\Administrator.

e and log n as

nk\Adminis rator, password Pa$$w0rd.

hine and log on as

bank\Admi istrator, password Pa$$w rd.

8/9/2019 6427 a Lab Manual

69/170

8/9/2019 6427 a Lab Manual

70/170

4 Lab Instructions: Troubleshooting IIS 7.0 Web Servers

Exercise 2: Troubleshooting Authorization

Scenario

You receive another service request to secure another Web site where all users are able to view the

content. You must reproduce the issue, determine the cause, and resolve the issue.

Exercise Overview

In this exercise, you will troubleshoot authorization using Failed Request Tracing.


1.

Browse to http://localhost/salessupport2.

2.

Enable Failed Request Tracing and add a rule to trace successful requests.

3.

Reproduce the issue and examine the Failed Request Tracing log.

4.

Resolve the issue and verify functionality.

Task 1: Browse to http://localhost /salessupport2

• On NYC-WEB-E, in Internet Explorer, browse to http://localhost/salessupport2.

Task 2: Enable Failed Request Tracing and add a rule to trace successful requests

•

In IIS Manager, add a Failed Request Tracing rule to trace successful requests.

Task 3: Reproduce the issue and examine the Failed Request Tracing log

1. In Internet Explorer, browse to http://localhost/salessupport2.

2. Examine the latest failed request tracing log in c:\inetpub\logs

\FailedReqLogFiles\W3SVC1. Examine the authorization information in the log.

Task 4: Resolve the issue and verify functionality

• Based on the log, modify the configuration in IIS Manager to correct the issue.

•

In Internet Explorer, browse to http://localhost/salessupport2 to verify that the issue hasbeen corrected

Results: After this exercise, you should have successfully enabled failed request tracing, and resolvedthe authorization issue.

http://localhost/salessupport2http://localhost/salessupport2http://localhost/salessupporthttp://localhost/salessupporthttp://localhost/salessupport2http://localhost/salessupport2

8/9/2019 6427 a Lab Manual

71/170

Lab Instructions: Troubleshooting IIS 7.0 Web Servers 5

Exercise 3: Troubleshooting Communication

Scenario

Users are reporting that a Web application is returning an error when they try to browse to it. You must

troubleshoot why the Web application cannot open the content.

Exercise Overview

In this exercise, you will troubleshoot communication using tools.


1.

Reproduce the issue.

2.

Use Ping to verify communication with the Web server.

3.

Enable detailed errors and examine the detailed error.

4.

Correct the problem and verify functionality.

Task 1: Reproduce the issue

• On NYC-DC1, in Internet Explorer, browse to http://nyc-web-e/netapp/content.

Task 2: Use Ping to verify communication with the Web server

•

At the command prompt, type ping NYC-WEB-E, and then press ENTER.

Task 3: Enable detailed errors and examine the detailed error

1.

On NYC-WEB-E, in IIS Manager, enable detailed errors.

2. In Internet Explorer, browse to http://localhost/netapp/content.

•

Examine the detailed error information.

Task 4: Correct the problem and verify functionality

1.

On NYC-WEB-E, in IIS Manager, correct the configuration based on the information from the

detailed error.2. In Internet Explorer, browse to http://localhost/netapp/content to verify that the error has been

corrected.

Results: After this exercise, you should used ping to verify communication, enabled detailed errormessages, and resolved the error.

http://nyc-web-e/netapp/content.http://nyc-web-e/netapp/content.http://localhost/netapp/contenthttp://localhost/netapp/contenthttp://localhost/netapp/contenthttp://localhost/netapp/contenthttp://nyc-web-e/netapp/content.

8/9/2019 6427 a Lab Manual

72/170

8/9/2019 6427 a Lab Manual

73/170

Lab Answer Key: Configuring an Internet Information Services 7.0 Web Server 1

Module 1

Lab Answer Key: Configuring an Internet InformationServices 7.0 Web Server

Contents:

Exercise 1: Installing IIS Using Role Manager 2

Exercise 2: Installing IIS Using Unattended Setup 4

Exercise 3: Installing IIS on Server Core from Command Line 6Exercise 4: Configuring IIS and Validating Functionality 7

8/9/2019 6427 a Lab Manual

74/170

2 Lab Answer Key: Configuring an Internet Information Services 7.0 Web Server

Lab: Configuring an IIS 7.0 Web ServerLogon Information:

• Virtual Machine: NYC-SVR1, NYC-SVR2, NYC-SVR3

• User Name: LocalAdmin or Administrator

•

Password: Pa$$w0rd

Estimated time: 60 minutes

Exercise 1: Installing IIS using Role Manager

Scenario

You receive a service request from the Enterprise Design Team to prepare three Web servers to host Web sites and

Web applications. One of the companies acquired by Woodgrove Bank has a classic ASP application that needs to

be hosted in IIS7.