+

Search Tips   |   Advanced Search

Internet Information Server v8 web server


Stop and Start

Log on to the target machine hosting the IIS web server.

To restart IIS, open a 'cmd" prompt as an administrative user and run "iisreset"

To stop IIS: net stop WAS

To start IIS: net start W3SVC

Alternate restart commands...


Internet Information Services Manager

To get to Internet Information Services Manager from a Remote Desktop session, open...

    Control Panel | System and Security | Administrative Tools


Log files

Web server log files...

    C:\inetpub\logs\LogFiles\W3SVC1
    c:\Windows\system32\logfiles\httperr

WAS plugin log...

    C:\IBM\WebSphere\Plugins\logs\webserver

To view events...

    Start button | Control Panel | System and Security | Administrative Tools | Event Viewer


Configure the IIS service

  1. Download and unarchive WAS plugin media

  2. Open cmd prompt as administrator and run the below command

      C:\install_files\custom\bin\install_iis_plugins.bat

  3. Configure Microsoft Internet Information Services (IIS)

    • Create the virtual directory as sePlugins (not wpPlugs)

    • Install Management Tools

    • Check to make sure ISAPI filter and ISAPI & CGI restrictions configurations are in place

  4. Create a remote IIS configuration on the portal server...

    1. From the IIS host, copy...

        C:\IBM\WebSphere\Plugins\bin\configurewp_webserver.bat

      ...to the WebSphere Portal host...

        C:\IBM\WebSphere\AppServer\bin\configurewp_webserver.bat

    2. Start the WebSphere_Portal process

    3. On the portal host, run...

        setupCmdLine.bat
        configurewp_webserver.bat

  5. Run regedit to start the windows registry

  6. Go to...

    ...and set...

      UrlSegmentMaxLength = 0
      AllowRestrictedChars = 1

    Make sure to set type as DWORD.

    Setting 0 makes URLs unlimited

    Restart Internet Information Server (IIS)...

    Here is a PowerShell script you can run to set values...

      Set-ItemProperty -Path HKLM:\System\CurrentControlSet\Services\HTTP\Parameters -Name UrlSegmentMaxLength -Value 1500
      Set-ItemProperty -Path HKLM:\System\CurrentControlSet\Services\HTTP\Parameters -Name AllowRestrictedChars -Value 0
      Restart-Service W3SVC -Force

  7. Open a cmd prompt as an administrative user and run...

      net stop http
      net start http

    Repeat for each web server

    If that does not work, try...

      net stop WAS
      net start W3SVC
      net stop http
      net start http
      net start W3SVC

    ...or reboot the machine.

  8. Open WebSphere Customization Toolbox | WebServer Plugin Configuration Tool

  9. Click Add and fill in your information

  10. Create a WebServer Definition

  11. Copy configurewp_webserver.bat from the IIS host to the WebSphere Portal host

    The location of this script on the IIS host is

      C:\IBM\WebSphere\Plugins\bin\configurewp_webserver.bat

  12. The target location for this script on the WebSphere Portal host is

      C:\IBM\WebSphere\AppServer\bin\configurewp_webserver.bat

  13. On the portal host, run configurewp_webserver.bat

  14. From the WAS console, generate new plugin-cfg.xml file, then copy the plug-in files to each web server Plugin config directory.

    From..

      C:\IBM\WebSphere\AppServer\profiles\Dmgr01\config\cells\PROD-DMGRCell01\nodes\WebServerNode01\servers\wp_webserver\plugin-cfg.xml
      C:\IBM\WebSphere\AppServer\profiles\Dmgr01\config\cells\PROD-DMGRCell01\nodes\PROD-WEB2.PRODSRV.MYCO-node\servers\wp_webserver2\plugin-cfg.xml

    ...to..

      C:\IBM\WebSphere\Plugins\config\<webserverName>

    • plugin-cfg.xml
    • Db file
    • Stash file

  15. Restart IIS

  16. Login to the Dmgr Console and select Environment >WebSphere Variables

  17. Update the following variables

      WCM_HOST=<fqdnVIP>
      WCM_PORT = 80

  18. You should be able to hit the portal server via HTTP

  19. If IIS does not forward requests to portal, create an app pool for Portal

    Then link via a service account.

If you get error:

    ERROR: lib_security: loadSecurityLibrary: Failed to load gsk library from XAS

...to fix...

  1. Apply the latest Plugin fix pack.
  2. Install 64 bit Visual C++ Redistributable package.


Configure IIS to use SSL

  1. Open Internet Information Services (IIS) Manager.

      Control Panel | System and Security | Administrative Tools

  2. Create self-signed certificate.

      Features view of the machine | Server Certificates | Actions pane | Create Self-Signed Certificate

    In the box...

      Specify a friendly name for the certificate box

    ...and type a friendly name for the certificate. For example...

      myco.myorg.com

    ...and then click OK.

  3. Go to...

      Connections | server name | Sites | website

  4. Go to...

      Actions menu | Edit Site | Bindings | Add

  5. In the Add Site Binding window, set...

      Type In the drop-down list, select https.
      IP address In the drop-down list, select All unassigned.
      Port Enter 443, unless you are using a non-standard port for SSL traffic.
      SSL certificate In the drop-down list, select the recently imported SSL Certificate by its friendly name.

  6. Click OK.

  7. Set IIS to ignore client certificate.

  8. Force use of SSL

    1. Install Microsoft URL Rewrite Module

    2. In IIS Manager, click on your website and select "URL Rewrite" from the Features View.

    3. Click "Add Rules(s)..." from the Action Pane on the Right.

    4. Setup the rule...

  9. Restart IIS: iisreset

See also: IIS 8.0 Centralized SSL Certificate Support: SSL Scalability and Manageability


Certificate signing requests

  1. Use the IIS Request Certificate panels to create Certificate signing request (CSR) files

  2. Fill in the following information, then generate a file.

      Common Name myco.myorg.com
      Organization My Org
      Organizational Unit Office of Information Technology
      City Des Moine
      State Iowa
      Cryptographic service provider Microsoft RSA SChannel Cryptographic Provider
      Bit Length 2048

  3. Send file to your certificate authority. They will send back certificate files (*.car)

  4. Copy *.cer files to target web server(s)

  5. From IIS Manager, go to...

      Connections | workstation name | Server Certificates | Actions | Complete Certificate Request

  6. Change the file type view setting at the lower right corner of the browser window to be able to see *.cer files

    The friendly name is not linked to the certificate download from Entrust.net, it is used as an identifier after the certificate is installed. You should provide a unique Friendly Name so that you can easly identify what the certificate is used for.

    Select a certificate store for the new certificate: leave the selection set to Personal

  7. From the left hand side of the IIS Manager, under Connections, Expand the Server Name

  8. Expand the Sites folder and select the site you wish to bind the certificate to

  9. From the right hand side under Actions, Select: Bindings...

  10. From the Site Bindings menu Select: Add

  11. From the Add Site Binding change the settings listed below:

      Type HTTPS
      SSL Certificate Select the friendly name of the certificate you wish to bind to the site, you can verify that you have selected the corrrect certificate by clicking on View...

    Once you have configured the settings Select: OK

  12. Restart the web site

    From the right hand side under Actions | Manage Website, Select: Restart

See also:

  1. How to install a certificate through Microsoft IIS8