Microsoft IIS Web Server





IIS is Internet Information Services, the web server included with Windows Server operating systems. All current versions are built on a modular architecture; modules can be added or removed individually so that those required for specific functionality are installed. The full installation of IIS includes HTTP, security, content, compression, caching, logging and diagnostics.

Preparing an email is something we should all take special care with – especially when the email is for somebody you may not know very well. The pressures of everyday working life stacked with a hectic office environment can make this a real challenge.
A phishing scam that claims a recipient’s credit card details have been “suspended” is the latest trend in spoof emails.
As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it.
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
Some of you might know that emails by design have two types of sending and receiving addresses. Yes, you read that right – it’s not just the one you see on your email.

The first type of sending address is the envelope sender, which is not visible to the user in their mail client or even in the headers. You can correlate this with a physical letter: once it is put in an envelope, the address on the outside is used by the courier to deliver the envelope to the intended destination. Similarly, the envelope sender is used for routing purposes on the Internet.

The second type of sending address is the header From address. This is the one you see displayed on your email or in the headers as From: address. In our metaphor, this would be the address you write on the letter itself. In real life, the envelope can be addressed to A and the letter can be addressed to B. Similarly, email does not require the envelope sender to match the header From address.

So the email that you see coming in from could easily be from .

This is one of the ways the bad guys send out CEO Fraud emails or as termed by the FBI, ‘Business E-Mail Compromise’. The emails almost always originate from an external source. This means that the envelope sender is from an external domain but the header From address is spoofed to look like it is coming from your domain. There are very simple steps you can follow when using our email filtering to …
Custom 404 Error Message
When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either.
In this article, I will show you how to enable the custom 404 error page, for your site.
Lync server 2013 or Skype for business Backup Service Error ID 4049 – After File Share Migration
If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
Expert Comment

Please make sure IIS_IUSRS has Full Control of your WordPress folder recursively.



It is often required to host multiple websites on a single instance of IIS, mostly in development environments rather than on production servers. I am sure it is not a preferred solution on production servers, but it is at least a possible implementation.

The benefits of multiple websites on a single instance of a web server are:

- Reduced hardware cost
- Reduced resource consumption
- Reduced maintenance
- Reduced physical space requirement

Alongside the benefits there are limitations. Production servers usually have load balancers, which, roughly and in layman's terms, means the same website runs on multiple servers. Therefore, a single server with multiple websites does have limitations in terms of the maximum possible load it can handle. There might be a resource problem if there is a heavy user base.

Not only IIS: other web servers like Apache also support hosting multiple websites on a single web server. Multiple websites hosted on a single web server need to differ in one of three primary parameters:

- IP address
- Host header name
- Port number

Multiple websites using multiple IP addresses

When hosting two web sites (or more) on one web server we can associate the two web sites with two different IP addresses. Different configured web sites can be accessed with the configured IP addresses. For example,
Web site 1 - 
Web site 2 - 

Author Comment

by:Neeraj Soni
Thank you, Matt.

- Neeraj

Expert Comment

Really Good Info....
Running classic asp applications under Windows Server 2008 R2 (x64) and IIS 7 is not as easy as one may think. It took me a while to figure it out while getting error 8002801d a few times.

After you install the OS you will need to install the following server features.

- IIS6 Management Compatibility
- IIS Management Console
- ISAPI Extensions

You will also need Procmon and Pstools.

We need to register ASP.DLL and to do this we need to run the following from the command line:

C:\WINDOWS\SYSTEM32\inetsrv>regsvr32 asp.dll

This will register the Classic ASP library in IIS 7

We need to configure the App Pool we are using to Enable 32 Bit Applications. This can be done by running the following from the command prompt:

%windir%\system32\inetsrv\appcmd set config -section:applicationPools -applicationPoolDefaults.enable32BitAppOnWin64:true

Now you should create a test.asp file in order to test if ASP has been properly registered.

I've used this code:


<%
Response.Write "This is the new www5"
%>


This was throwing me the following error

This is the new www5 error '8002801d'

/test.asp, line 4

Here is where Procmon and Pstools come to work. Procmon is a really handy application which will help you trace any process that is running on the system. While using…
What is an ISAPI filter?  
•      It's an assembly (.dll file) that can add or change the way IIS works.  
•      They can be enabled globally for your web server or on a site-by-site basis.  

When the IIS server receives a request, enabling the ISAPI filter will cause IIS to watch the requests coming and going, listening for one that calls a function that is specific to the filter.  When that particular function is called, the ISAPI filter allows the request to be directed to the appropriate assembly for execution and response.
For example, let's say you have a .dll that sends you an e-mail when a user triggers an "access denied" response from the server.  When you enable the filter, any user request that triggers an access denied response will first execute the custom .dll's code, that code will send you an e-mail, and then control passes back to IIS to continue processing the access denied response.
 You can find an excellent (and short!) low-level explanation of ISAPI Filters at the following article:
Some applications need support for ISAPI extensions and this is disabled by default in IIS.  Enabling ISAPI for an individual web is very easy, provided the web application is running in Integrated Mode.  However, since my shop has a combination of 2.0 and 4.0 apps, Classic and Integrated, and even Enable 32-bit Applications True/False, our "Classic" apps will not allow IIS 7 to set …

Author Comment

Thanks Mark - I did re-read the guidelines for Experts Exchange earlier.  To be honest, I think this is probably better as a "How-To" than anything else.  The bottom line is I want to graphically walk people through steps like these and figured a neatly-encapsulated PDF is the way to go.  I'll remove and re-do...perhaps I need a bit more schooling in our interface here first too.

Thanks again for your help!

Debug Tools to analyse IIS process:

This article focuses on taking memory dumps from IIS to determine which code is taking more time and to analyse which calls hang or cause high CPU usage.

To take dumps, download the following.

Install1: To start with, you need to download the debugging tools, which can be found at . Install them on the machine (web server) where the application is running in IIS to take dumps.

Install2: Download the symbols from and install them, or copy them to a shared path.

Steps to take dumps:

Step1: Get the process ID for the IIS worker process. You can get it either from Task Manager by selecting the PID column, or by running IISapp from C:\<windowsdirectory>\System32.

Step2: Adplus will take a dump of the current state of the CPU/IIS process. Make sure to take dumps when CPU usage is very high. Now go to the path where you installed the debugging tools earlier, i.e. C:\Program Files\Debugging Tools for Windows (x86). Here we need to run the adplus command. Example: C:\Program Files\Debugging Tools for Windows (x86)>adplus.vbs -hang -p 492, where 492 is the process ID from Step1.

Result: This will create the dump in same path with date and timestamp. The directory contains the dmp file, txt file, adplus report, process list with PID appended.

Steps to analyse the results:

Now that we have taken dumps you can analyse on the same machine or on different machine.

Author Comment

why is this neglected ?

Expert Comment

Hello Pramod, I am looking for desperate help on IIS. Could you please email your contact details to my email ID? I will touch base with you.
First of all, clustering IIS is something you should rarely consider doing.

In almost all cases, Microsoft Network Load Balancing (NLB) is a much better solution when you need to provide high availability for your web applications.  There are situations, though, where you have limited hardware or infrastructure that is serving multiple purposes and installing IIS on a cluster is your only option.  

If you do find yourself in this predicament and have to configure IIS on a cluster, the good news is that the process is actually fairly straight-forward.  Since the focus of this article is the setup of IIS on clustered servers, I'm going to leave out all of the Microsoft Cluster Services (MSCS) specifics, assuming you already have the cluster created along with the appropriate disk group and virtual IP resources.  However, if you need help with that part, the following TechNet article "How to Create a Windows Server 2003 Failover Cluster for Cluster Continuous Replication" should help to point you in the right direction.

Here's what you do to configure IIS on an active/passive MSCS cluster:

Install IIS to a local drive on each node of your cluster.
Create a folder on the clustered data drive to hold the website content.
If you are going to create a new site to use other than Default Web, verify that the Default Website is either stopped or bound to a local IP on Node A.  Then create a website on Node A and bind it to All Unassigned.
Expert Comment

by:Kevin Cross
Agree Tray896, load balancing of web sites is much more common; however, I feel you have captured how to cluster IIS quite nicely.  
As such, I have voted YES above!

Thank you for your efforts.

Expert Comment

by:Vivek Reddy

Unfortunately there is no automated way to sync configuration (metabases) between IIS 6.0 servers.

Using iiscnfg.vbs is probably the easiest way to sync changes between the two servers and is in fact used for the servers.

The alternative is to make all changes made to one IIS server to the other, for instance the provisioning tools that we use create the website on both servers at the same time.

I hope this helps.
Logparser is the smartest tool I have ever used for parsing IIS log files, and there are many interesting things I wanted to share with everyone. Here is one real-world scenario from my current project.

Let's get started with the scenario:
How do we get a username from the IIS logs even when anonymous access is enabled?  In other words, IIS has anonymous authentication enabled, but we need to find the username of whoever logged into our application.

So the challenge is: based on the Cognos IIS logs, get the usernames of those who logged into the Cognos application(s) using the Logparser tool.  After continuously reviewing the IIS logs, one interesting thing that surfaced was the data in the cs(cookie) field.

Below is an example of what the cs(cookie) attribute looks like.

Today I came across an interesting issue that had me pulling my hair out.  I was troubleshooting a new internal web site which uses integrated security instead of anonymous.  When browsing the site from my laptop, I was able to access it with no issues.  But if I tried to hit it within a browser on the server or browsed directly from IIS, I encountered a login prompt that I couldn't get past.  Even with my domain admin credentials I could not get past the login prompt, and after three attempts I was met with a 401.1 which IIS told me was due to invalid credentials.  But if my credentials were really invalid, why would it work just fine from my laptop with those same credentials?



After looking in the event logs, I found multiple entries for event ID 537 in the security log.  Notice the odd characters listed for the Logon Process.


After doing quite a bit of digging through Google I finally came across this article ( ) which explains that this behavior is actually caused by a security feature that was introduced with SP1 for Windows Server 2003.  The cause of the errors is a loopback security check that was introduced in order to prevent reflection attacks. With this loopback check in place, you will be unable to authenticate to any site using Windows authentication locally from the server.

Moving forward you have a couple of different options.  You could …
Author Comment

Hey Rovastar.  This issue will happen locally on the server whether you use localhost or the actual registered domain name.  You can read more about it here:

Expert Comment

Brilliant - I have been struggling with this annoyance for months and stumbled across your fix while looking for something else. It's hard to believe that a "by design" MS change results in non-printing characters being displayed in the security log, though, isn't it!
Here are the symptoms:

You start receiving calls from users that one of your legacy web apps isn't coming up, so you log into your IIS 5 server to check it out.  When you pull up the services, you notice that the WWW Publishing service isn't running.  When you attempt to start it, you're met with this ugly error:

Attempting to start INETManager (start > run > Inetmgr) will generate an equally unwelcome error that will say something like

The specified handle is invalid.  Do you want to continue to connect in the future?

This issue occurs when the machine key is under stress, which causes the Crypto subsystem to incorrectly reset the value of the MachineGUID key and in turn makes the original IIS machine key invalid and the IIS admin service unable to access the metabase.

To resolve this issue, go through the following steps:

Backup and delete the existing machine key

1. Open Windows Explorer, and navigate to C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys.  Verify that you have hidden files/folders turned on, otherwise you won't be able to see this directory.

2. Right click on the Name field, and select Created, so that the details will show you the created date/time of each file.

3. Look for files that start with c23.  You should have 2 of them at this point and they will look similar to this:

4. Backup a copy of the c23 file which has the most recent created …
