Microsoft IIS Web Server




Articles & Videos



IIS is Internet Information Services, the web server included with Windows Server operating systems. All current versions are built on a modular architecture; modules can be added or removed individually so that those required for specific functionality are installed. The full installation of IIS includes HTTP, security, content, compression, caching, logging and diagnostics.

Share tech news, updates, or what's on your mind.

Sign up to Post


I'm developing a web application to be used by thousands of users.

The development is done under Alpha anywhere that relies on IIS
My question is the following: what are the limitations of IIS in terms of "servicing" users ?
How many users can hit the server at the same time ?

What are the configuration possible if I have 15000 users ?
How do u calculate the need ?
PeopleSoft Has Never Been Easier
PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now


I recently performed a clean install of Windows 10 Pro on my desktop and included IIS version 10.

I'm looking for the steps to allow other computers on my network to view pages on my local website and client websites under development. I believe this is a security issue but I'm not sure.

Any assistance is most appreciated.

Much thanks,
David Bach
I'm looking for a most straightforward way to kill a process when it reaches a user defined memory usage threshold.

The Problem: I host multiple websites via IIS 10 on a Windows 2016 server. However I have one or two sites that start returning a 500 Error to users when the sites WPW3.EXE process exceeds 150,000K of Private Working Set Memory,

Simply ending the process resolves the issue because it re-spawns automatically.

POSSIBLE SOLUTION: I'd like to create a monitor that will automatically kill a specific WPW3.EXE process belonging to a certain user (website) when the process reaches a specific memory usage value.

Any and all constructive input is appreciated.

Best regards.

I have a site with anonymous access to the public side and userid/password protection to the admin side.  I've suddenly started getting failures trying to log in to the admin section.  

Environment: Windows server 2008 R2 Standard;  IIS 7.5
For the admin folder, I have Basic authentication and Windows Authentication enabled.

Tried logging in with the local administrator account and that failed.
Detailed error information was:

Module  WindowsAuthenticationModule         Requested URL: http://..../admin
Notificaiton: AuthenticateRequest                     Physical Path   d:\...
Handler: StaticFile                                                 Login Method  Not yet determined
Error code   0xc000006d                                      Logon User       Not yet determined

In the Security event log I'm seeing 4625 failures:

An account failed to log on.

  Security ID:     NULL SID
  Account Name:     -
  Account Domain:  -
  Login ID:                0x0
Logon Type:            3

Account For Which Logon Failed:
   Security ID:         NULL SID
   Account Name:   administrator
   Account domain: cf

Failure Information:
   Caller Process ID:  0x0
   Caller Process Name:   -

Network Information:
   Worksation Name:  CF
   Source Network Address:
   Source Port: 54061

Detailed Authentication Information
  Logon Process:
  Authentication Package: NTLM
  Transited Services:   -
  Package Name (NTLM only): …

I've got the existing Exchange Server 2013 Standard SP1 that is running as MBX&CAS role in one AD site called Default-First-Site-Name.
I want to decommission it so that I can run the both MBX & CAS on new Win2012 R2 VM so I can configure DAG on the other AD site called Head-Office1.

AD Site Default-First-Site-Name
PRODMAIL14-VM [Mailbox & Client Access Server] - Windows Server 2008 R2 existing legacy.
PRODMAIL15-VM [Mailbox server only] - Windows Server 2012 R2 newly built for DAG.

AD Site Head-Office1
PRODMAIL20-VM [Mailbox & Client Access Server] - Windows Server 2012 R2 existing newly built for DAG.

AD Site Default-First-Site-Name
PRODMAIL14-VM [Decommissioned]
PRODMAIL15-VM [Mailbox & Client Access Server] - Windows Server 2012 R2 setup for DAG with Head Office.

AD Site Head-Office1
PRODMAIL20-VM [Mailbox & Client Access Server] - Windows Server 2012 R2 existing newly built for DAG with PRODMAIL15-VM.

How to do that safely without causing email flow issue during the production business hours ?
What're the steps in installing CAS so that it does not cause any email flow during the business hours on PRODMAIL15-VM ?
If I install the windows update now during the business hours on PRODMAIL15-VM is there any impact or problem when I reboot it ?

Thanks, in advance.
I have set up and created a website in IIS 10.  I have posted the settings in screenshots below.  The issue is, I can access the website when I go to on my LOCAL PC that hosts the website, however when I go to the same on my phone or other PC not connected to my local network, it gives an error saying cannot find my website.  My question is, what am I missing that I cannot view my website from devices not on my local network?
Hi guys. I have a situation where I have a dc with the domain.local setup. IIS was already setup for a database application. I've been asked to setup Microsoft work folders. Ports 443 are already in use.
I've setup the role, the service groups atc. However I'm stuck on the ssl part. Do I have to go for a public ssl very, do I need a public addressable domain name and an A record setup or is it possible to have a local domain do this. If a public domain is needed how do I get it to work with a .local private dc convention?
I am trying to configure SMTP on a webserver 2008 r2 sp1 for a php contact form in one of my websites.  However, when i go into IIS 6.0 manager to configure it, It doesnt give me the option to create a virtual SMTP Server. I have watched a multitude of videos on how to setup and configure SMTP but server is not cooperating with the instructions I find.   Also,  as a FYI... I rebooted the server several times and especially as IIS 6.0 keeps on crashing or when I expand the webserver, it show me Application pool and Website and all the websites have a red Triangle with an exclamation point and no name just site #
Hello all,

I've spent so many hours on this now and can't figure it out.

I've created a really basic proxy.pac file, published as a website in IIS7.

Chrome and Firefox show the contents of the pac file within the browser as plain text, this is good.

But Internet Explorer always tries to download the file when I go to the URL!

It's driving my crazy trying to figure this out!

Only specific changes I've made in IIS7 are...

- MIME type (.pac) = application/x-ns-proxy-autoconfig

- HTTP response header (Content-Type) = text/plain

I am an amateur at IIS, been working in IT for 13 years but first time looking at this stuff.

First time I've ever had to post anything technical on a forum because I'm completely stumped.

I'm sure it's going to be one simple setting somewhere that I've missed, But I must have clicked on every Google result ever trying to find the answer!

Screenshots attached.

Please help I will be so grateful  : - )

Thank you,



Michael hOGGATT
Industry Leaders: We Want Your Opinion!
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


I've got two load balanced IIS servers that are balanced via F5 round robin load balancing to a shared SQL Backend and File Server, I will call the IIS servers 1 & 2. Both servers have a pretty evenly distributed load, with 2 normally seeing slightly more connections than 1. Somehow though, 1 seems to be experiencing more worker process CPU load across the application pools.

All IIS Settings appear to be the same, CPU wait time seems to be the same on the worker processes. I'm really struggling here to find any differences between the two sites.

Any help would be appreciated.

It's been a couple of times our user's credentials got comprised via phishing scheme. As the result, the hacker logged into that user's OWA account and remained logging in forever to read the email communication or download, etc. My question is, is there a way to detect a user(s) who remain logged in OWA for long time, say 10 hours, using IIS log file?
Hi Guys,

I am new to IIS.  I have a website in IIS (testsite) which I would like to publish internally.
The users are able to access the site currently by browsing to http://servername/testsite  (internally)

My question;

I've setup an internal A-record in DNS;

How do I add (bind) this internal A-record in IIS to this site?
Hello dears,

I have a problem with an application calleb vizbee that  deployed on a IIS SERVEUR and a DB sqlserver

but i have an access problem  see the picture
I tried to set up the POCA database (instructions:  and when I  try to connect to the database through the website, it shows the directory  and not the sign in page. Someone suggested the issue might be with IIS and not the actual database itself, but I don't know what it could be.

I can send over the log file, the web config file and also a screen shot of what I see when I try to connect if that helps. Instructions for the particular database I was trying to set up are above.
I have 1 website with 1 IP in IIS using both port 80 and port 443. I own 2 wild card certs, one for the external address ( and one of the internal address (

Current SSL certificate that's tied to port 443 is using the external Cert. And the website is reachable external via SSL without issues.
Internally we can reach the website using http on port 80 with the FQDN and that works fine

Management wants SSL applied to the internal web site instead of using http. One method I thought of was to add an additional IP to the website. In Local DNS add a new host name pointed to that IP. Bind the internal Cert to the IP on Port 443. Everyone goes to the website using the new FQDN. To get to the internal Site they using the new FQDN. The concern I have with this approach is that the server still has 2 IP's and local DNS will reflect that. If anything anywhere references the FQDN of the server they could end up getting an error or the wrong item displayed. I

what other options are there?
i have installed a (test) web site (only the default web site generated by vs2015  on a iis who already have other web site.
I have asked to my isp to route point to my webserver with an url like
Everything work well with the home page, but when i click to another page i have an 404 error message.
 404 - File or directory not found.
The ressource you are looking for might have been removed, had it's name changed, or is temorarily unavailable.

I have checked already on the net for a solution but nothing changed.
I need help.
Thank you

I'm having an issue where we have domain, and there's currently a site under the Default Web Site that is working with it (Web Access). We also have two other sites under that same Default Web Site, but I can only access them by localhost or IP without https. We have a wildcard SSL cert installed, and it's working with the Web Access site. I'd like to be able to access both of the other sites using, but I can't get past the authentication. When I enter the url in the browser, I get an Authentication Required box, and I enter the local administrator credentials into it, but it doesn't authenticate. The box just reappears. I have given the IUSR account full access to the folder where the site resides in Windows. The authentication that is enabled for the working Web Access site is Anonymous and Windows Authentication. I have configured the other two sites to have the same authentication. If I cancel the Authentication Required box it gives me an 'access is denied' message which is expected of course. If I try to go to https://IPAddress/othersite it will allow me to enter the same local administrator username and password, and it will accept the login and take me to the site, but it crosses out the https, and says it's unsafe and to go back. If I click advanced and proceed, it will take me to the site. Please let me know if I can provide any other information.

Thanks in advance.

I had this question after viewing IIS Worker Process Uses 100% CPU.

Hey all

I've turned on logging to try and find the culprit why the cpu is getting hammered
But as an interim measure, I need to kill the process if the CPU is spiking for 1hr in case it happens when i'm sleeping and I'm not able to manually kill the process

I've looked into the setting on 2016 server and i see:

Limit (Percent)
Limit Action (i'll set this to Kill W3wp)
Limit Interval (minutes)

What I want to do is kill the process if the cpu doesn't drop below 80% for 45 mins
However, from what ive read, you can't just set 80% and 45 mins, because its an overall figure of total CPU use over 45 mins, and not if it stays at 80% and above for 45 mins

Any clarity on this would be useful and how i can acheive the goal
Enroll in June's Course of the Month
Enroll in June's Course of the Month

June’s Course of the Month is now available! Experts Exchange’s Premium Members, Team Accounts, and Qualified Experts have access to a complimentary course each month as part of their membership—an extra way to sharpen your skills and increase training.

I am administrator and I have a server that is running a IIS service that processes large amounts of data.  The application pool has shutdown twice and I am being told that the reason is because the memory usage on the server is going over 50% and IIS is shutting down the service to protect the server.  Somehow I am finding this a little hard to believe, but I cannot disprove the statement.  

Hi All,

for our Webpage, we are using IIS Windows Authentication for our staff members to create order forms,

we would like to have the user who submitted the Order to get a Notification email,

how do I go about getting the current logged on users e-mail address which is on our from our domain controller within
Hi, we currently have a website hosted internally (and NATted through the firewall for external access), example: root level of the website ( is public) but there is a which internal users access from anywhere simply by inputting their AD credentials.

What we want to do is make it more secure and bring the internal part off the people can continue visiting from outside for our company page but anything or should only be accessible from inside the company network.

If we do \\servername\subpage from internal (since the website is hosted there) it will work.....but how do we make it so that continues to work from external but domain/com/subpage only from internal? What do we need to do with IIS, DNS, firewall?

Is it possible to have a single IIS Server (Windows 2012) with a single Default Web Site, redirect incoming traffic to RDS and CRM web pages on the same internal server with a single internal address?

I have two sub domains - and that point to two different public ip addresses.  the RDS page presents on the but I cannot get the CRM page to present at the  I also want them to be secure via https protocol.

I have been chasing my tail on this for far to long and would appreciate some experienced feedback.  

I have classic ASP connects to an Access database and both resides on a web server W2008 R2 64-bit (IIS 7). In IIS Application Pools->Advanced Settings, the 32-bit applications is set to True and Managed Pipeline mode is Classic.

Below is the connection string in ASP.
Dim objConn
  Set objConn = Server.CreateObject("ADODB.Connection")
  objConn.Open "Provider=Microsoft.Jet.OLEDB.4.0; " & _
               "Data Source= C:\DB\MyDB.mdb"

This setup was working for years till early this week. The ASP can't connect to database anymore. I have to reboot the server then it worked again for a day then stop. Any suggestions?

Thanks in advance!

Microsoft IIS Web Server




Articles & Videos



IIS is Internet Information Services, the web server included with Windows Server operating systems. All current versions are built on a modular architecture; modules can be added or removed individually so that those required for specific functionality are installed. The full installation of IIS includes HTTP, security, content, compression, caching, logging and diagnostics.