Solved

Multiple IIS servers, multiple websites, non-cluster

Posted on 2010-11-16
20
1,363 Views
Last Modified: 2013-03-21
I have two web servers, one is Win2003 IIS 6.0 and the other is Win2008 IIS 7.  I need them to host completely different/separate websites (non-cluster, non-load balance, just two separate servers).  Right now I have one single public IP and a basic Linksys router.  SHould I:

1) purchase a 2nd IP address and upgrade my router to a model that supports 2 public IP addresses?

2) Install ARR 2.0 on the Win2008 box and point the incoming requests to the appropriate IIS server? (Is this even possible?)

3) Other?

Thanks
JF
0
Comment
Question by:jfischer12
  • 10
  • 10
20 Comments
 
LVL 7

Expert Comment

by:tstritof
ID: 34151815
Hi,

1) The first option is OK.

2) If you'll be using https to access your websites I think ARR is not an option (although not 100% sure).

3) Some firewalls are able to route http/https traffic to different internal hosts based on host headers. I've done it before with ISA server but I don't know if that is the option for you.

4) Depending on what will be hosted (and how much users might be annoyed), you might set up access to one website on non-default port e.g. access it by http://www.mydomain.com:81 or https://www.mydomain.com:444 and set up your Linksys to route the traffic appropriately.

Regards,
Tomislav

0
 

Author Comment

by:jfischer12
ID: 34152444
I won't be using https at all and can't use ports other than 80 (forgot to mention).  One of the audiences is in a locked down environment that only allows web traffic on 80.  They cannot access the sites on any other port.

Will ARR support both an IIS 7 server and an IIS 6 server or do they both have to be IIS 7?
Thanks,
JF
0
 
LVL 7

Expert Comment

by:tstritof
ID: 34160847
Hi,

sorry for the late answer, busy day... I've tested ARR for this only on IIS7 target servers but I think that any web server could be targeted this way (so my guess on IIS 6.0 is a "yes").

The server running ARR proxy must be IIS7 and I think it shouldn't host any sites itself (I may be mistaken - I've never actually tried such coniguration).

Also regarding https access with ARR - I might be wrong there because my attempted setup involved Terminal Services Gateway (which utilizes https) + ARR and I couldn't get those two to work together.

Regards,
Tomislav
0
 

Author Comment

by:jfischer12
ID: 34165666
Thanks for taking the time.  I have ARR 2.0 installed on a separate machine than the two web servers (win2008, IIS7).  I can create a farm, but from there I'm not sure which direction to head and the docs are not necessarily clear to me.  So all I need to do is route www.site1.com to server1 and www.site2.com to server2.  I don't need (nor want) load balancing or anything "sophisticated" like that, even though I understand it may be inherent in the structure.  I actually want the two servers to remain as separate as possible.  Given that, which function in ARR do I use?
Routing Rules (with URL Rewrite?)
Proxy
Server Affinity
I've looked at these functions and the corresponding docs and I'm still stuck.  Sorry to be so dense and thanks for your assistance.
JF
0
 
LVL 7

Accepted Solution

by:
tstritof earned 500 total points
ID: 34166538
:) Ah, the wonderful but not so well documented features of ARR. I'll give you "some" pointers :)

You will be using the ARR proxy so you won't be needing farms. So if you're not using farms for anything else - delete them (or it).

1) Open the IIS manager on your future "router". Click on your server name and locate Application Request Routing Cache in IIS group.
 Simple ARR routing - step 1
2) Right click the ARR Cache icon and choose Open Feature from the menu.
 Simple ARR routing - step 2
3) When feature window opens click Server Proxy Settings link on the right.
 Simple ARR routing - step 3
4) In Application Request Routing place a check mark in the Enable Proxy field, and then click URL Rewrite link on the right.
 Simple ARR routing - step 4
5) In URL Rewrite window there are no rules at this moment. Click Add Rules link on the right.
 Simple ARR routing - step 5
6) Select Blank Rule and click OK.
 Simple ARR routing - step 6
7) On Edit Inbound Rule screen: name the rule, set it to use wildcards, set the pattern to * and expand the conditions group.
 Simple ARR routing - step 7
8) Click Add to add the new condition.
 Simple ARR routing - step 8
9) Set the condition to look for requests that have www.site1.com in host header and click OK..
 Simple ARR routing - step 9
10) Scroll to the bottom of Edit Inbound Rule screen and set up the rule action which is to overwrite the original http request with http://server1/{R:0} (Make sure your DNS can resolves server1 name on the router, otherwise no music:)). Since this is all to be done if request matches the condition check the Stop processing of subsequent rules (this will optimize performance a tiny bit).
 Simple ARR routing - step 10
11) Click Apply in the top right corner of Edit Inbound Rule screen.
 Simple ARR routing - step 11
12) After changes are applied click on the Back to rules link.
 Simple ARR routing - step 12
13) Your new rule is there (I actually use some ARR stuff myself - hence the blacked out rules).
 Simple ARR routing - step 13
14) Add the second rule for your second website/server pair. In the end you should see something along the lines of this.
 Simple ARR routing - step 14
And that's it. Any http traffic coming to your router requesting www.site1.com should be routed to server1 and any http traffic requesting www.site2.com should go to server2.

Finally - one note. Your target web servers may be using host headers and may thus fail to appreciate :) your overwriting of the original host in http header with server1 and server2 respectively.

To resolve that you can ensure that http headers are forwarded in their original form to the target web servers:
1) On the "router" server open the elevated command prompt (Run As Administrator).
2) Navigate to %windir%\system32\inetsrv folder (probably c:\windows\system32\inetsrv).
3) Run the following command:

appcmd.exe set config -section:system.webServer/proxy -preserveHostHeader:true

That's all for now. Let me know how it went.

Regards,
Tomislav
0
 

Author Comment

by:jfischer12
ID: 34180496
Thanks - I have everything configured as shown but I'm not having any luck.  The only wrinkle I did not mention to you is that server1 in this case hosts a few sites (using host headers) and so I added the 4 sites in the rewrite rule and selected "match any" .  I've tried both Match all and match any and no luck.  The router server resolves the other servers no problem from a command prompt.

The browser will sit for a while (looks like default timeout is 120sec) and eventually come back with a 501 or a connection issue.  The cache shows no requests but the firewall does have 80 open for inbound.  

I'm going to mark your instructions as the accepted solution because I can see it should be working.  Maybe there is something else in my environment causing the trouble.
Thanks very very much for your help.
JF
0
 
LVL 7

Expert Comment

by:tstritof
ID: 34180522
Hi,

just to confirm - have you run the above "appcmd" command on your router? If you haven't then any target servers with multiple sites (each site configured for different host headers) won't work because they will be getting "http://server1" instead of "http://www.site1.com" in the request.

Regards,
Tomislav
0
 

Author Comment

by:jfischer12
ID: 34180973
Yes.  Here is the response:

C:\Windows\System32\inetsrv>appcmd.exe set config -section:system.webServer/proxy -preserveHostHeader:true
Applied configuration changes to section "system.webServer/proxy" for "MACHINE/W
EBROOT/APPHOST" at configuration commit path "MACHINE/WEBROOT/APPHOST"

Any other ideas would be greatly appreciated.  I know you have gone over and above.
JF
0
 
LVL 7

Expert Comment

by:tstritof
ID: 34180983
OK,

let's try this - remove all host names from the conditions but one and go with match all (I have such configuration and it works perfectly although the target IIS7 server hosts multiple sites with different bindings).

If it works I might have a solution :)

Regards,
Tomislav
0
 

Author Comment

by:jfischer12
ID: 34181035
Deleted down to one condition on server1.  Server2 only has 1 site.  
Same result, times out.  
Almost like the router server is never getting the request.  Can you tell me which log to look at for ARR?

JF
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 7

Expert Comment

by:tstritof
ID: 34181097
IIS logs are normally located at C:\inetpub\logs\LogFiles\W3SVC1 but you can check the setting through IIS manager (Logging applet for your server - same group where ARR Cache applet is located).

However I would check if the DNS name of your server 1 (the one you set in overwrite rule) can be sucessfully resolved from your router - this looks like the router can't find your server 1. So please check that before anything else. Also try opening a browser on your router and browse to http://server1 - what do you get?

Regards,
Tomislav
0
 

Author Comment

by:jfischer12
ID: 34181125
in a command window, server1 is reachable via ping (ping server1 works)
however, i will check through the browser.  I'm out for a bit so I appreciate the immediate follow up and will post resutls in awhile.
Thanks!
JF
0
 

Author Comment

by:jfischer12
ID: 34181580
From the router server, in a browser, http://server1 returns the website I have listed in the rewrite rule.

Let me know if you want to close it down I can keep hacking on it.
JF
0
 

Author Comment

by:jfischer12
ID: 34183559
Is the setting "Use URL Rewrite to inspect incoming requests" on the Server Proxy screen relevant?
JF
0
 
LVL 7

Expert Comment

by:tstritof
ID: 34183704
Well, I don't thin so since I have a working configuration without it.

However, you can activate it as part of troubleshooting - it will create a rule named "ARR_server_proxy". Renaming that rule clears the flag on proxy.

Also I don't think your www.site2.com would work either if the setting was required.

I'll try describing the test setup I have - maybe you'll get some ideas:
1) Router server - W2K8 standard with IIS7 and ARR.
2) Target server 1 - SBS 2008 with IIS7 running SBS default site hosting SBS services and multiple WSS web applications (all sites with customized bindings).
3) Target server 2 - W2K8 standard with IIS7 hosting WSS web application.

External requests hit the public IP address of the Linksys router/firewall and get forwarded to server hosting ARR. The server then routes the traffic to the target web servers with http headers intact.

The only difference in setup is that I'm using internal fqdn for routing and not NetBIOS name (meaning server1.mydomain.local and server2.mydomain.local).

I think there's some other problem at work here, however it's hard to guess what it is without more detailed info on the setup and errors logged on the servers.

Regards,
Tomislav
0
 
LVL 7

Expert Comment

by:tstritof
ID: 34183970
Well, you'll be glad to know that after messing with various settings on my ARR I've managed to get the 502 error. However, trying to reset the settings to initial config didn't seem to work :) Whatever I've broken got to be so after I've reset my router and target IIS a couple of times.

Now that I've got the problem reproduced on my setup I'll try to find the cause of it and will report here after I get it resolved. I'm starting to believe that the original directions I've posted may only work in a specific situation and not as general solution.

Regards,
Tomislav
0
 
LVL 7

Expert Comment

by:tstritof
ID: 34184534
:( I'm pathetic...

I've just wasted couple of hours of troubleshooting (playing with host headers, analyzing logs, checking DNS, playing with authentication settings, restarting IIS...) ONLY to find out that during one of earlier config changes I accidentaly deleted one slash in my rewrite URL... So instead of rewriting the incoming requests to:

http://myserver.mydomain.com/{R:0}

the requests got overwritten to:

http:/myserver.mydomain.com/{R:0}

The only benefit that came from this is that I can easily reproduce the 502 error (just put a typo in rewrite URL) - which leads me to believe that there is a problem with accessing your target server1 from your router.

Another thing I wanted to eliminate as a problem was IIS6 on W2K3 server hosting multiple sites. So I've created two sites on that environment (one WSS one pure IIS). Also I set up routing for different domains (arr-test.mydomain.net and arr-test.mydomain.com) in a single "Match Any" rewrite rule.

ARR routes perfectly.

So unfortunately, your problem is stil a bit of a mistery to me - definitely focus on the problem of resolving http://server1 on your router.

As a final thought - during my unfortunate troubleshooting session I've installed the Advanced Logging extension for IIS7 (link here) that helped me a bit to understand what requests were actually hitting my router and target servers. However the tool is available only for IIS7. But I suppose there are tools for this purpose that target any existing web server so you could try googling some of them.

And of course, check for typos :)

Regards,
Tomislav
0
 

Author Comment

by:jfischer12
ID: 34184835
OK thanks for everything.  I will give the Advanced logging a look.  I'm using netbios for routing so that may be it, although the router server can definitely see server1 and server2 via the browser.

Go ahead and move on with your life!

Thanks,
JF
0
 
LVL 7

Expert Comment

by:tstritof
ID: 34185610
:) No problem. I've learned something myself on this one. Good luck and post back here when you resolve the issue, I'm really curious what turns out to be the culprit.
0
 

Author Comment

by:jfischer12
ID: 34190317
Solved it by re-installing OS clean.  In the previous installation, I had installed Sharepoint Foundation and then removed it and the sites/web applications it creates.  I'm just guessing it must have been something in that install that conflicted.  Because now it works fine after a clean install on the router server.

Thanks again!
JF
0

Featured Post

Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

Join & Write a Comment

Debug Tools to analyse IIS process: This article focus on taking memory dumps from IIS to determine which code is taking more time and to analyse which calls hangs/causes more CPU usage. To take dumps,download the following. Install1: To st…
Prologue It is often required to host multiple websites on a single instance of IIS, mostly in development environments instead of on production servers. I am sure it is not much a preferred solution on production servers but this is at least a pos…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now