Wednesday, February 25, 2009

Installing Windows Server 2008 Core part 4

Remote management of IIS 7 would be nice. I spent some time trying to figure out why the IIS Management Console on Vista didn't have the option to add a new connection to my new Win2K8 server. Turns out I need Internet Information Services (IIS) 7.0 Manager. Installing and starting it displays a substantially different UI.

On the server, the Web Management Service needs to be started. Also, checking the firewall configuration on the server reveals there is open access through the firewall for the service. I'm going to set the startup for the service to automatic and I'm also going to restrict incoming traffic to the local subnet:

C:\> Netsh advfirewall firewall set rule name="Web Management Service (HTTP Traffic-In)" new remoteip=localsubnet

Now I can connect through the firewall but on my first connection attempt I get a Server Certificate Alert because I don't have the servers self-signed certificate in my trusted certificate store. Viewing the certificate provides an option to install it into my local store which is nice. Sadly the remote server is not accepting connections. So how to enable remote management for IIS. Googling reveals any number of helpful pictures of where in the IIS Management Console to tick the box enabling remote management. Unfortunately there isn't any obvious information about how to do this on Core. I'm having a wee stab in the dark using regedit to modify the entry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WebManagement\Server\EnableRemoteManagement, changing the REG_DWORD value from 0 to 1. Restart the Web Management Service and I can now successfully add the server as a new connection. Unfortunately when I open that connection there are only three options available to me; Feature Delegation; IIS Manager Permissions; and IIS Manager Permissions.

After some toing and froing on The Official Microsoft IIS Site I managed to get it sorted. The Official word from Anil Ruia is:

This is an issue with how clr looks for managed assemblies - in vista SP1, Microsoft.Web.Management.IisClient, version= (and AspnetClient) are also installed to the inetsrv directory along with being in the GAC - now when connecting to win7, version 7.5 of these dlls are downloaded, but when trying to load them, CLR first finds the 7.0 versions in the inetsrv directory and complains that the version does not match. The fix in vista sp2 is just to make sure that the 7.0 versions are not installed to inetsrv directory.

I created a sub directory C:\Windows\System32\inetsrv\Microsoft.Web and moved Microsoft.Web.*.dll into that directory. I did have to take ownership of those particular files and then allow administrators full control. But, yes it does work and I now have access to the complete list of features in iis7 on my remote server.

No comments: