Tag Archive: IIS06


After performing a number of configuration changes on my server to improve performance, I decided that I wanted to work on performance tuning of my IIS6 install since I host all of my own web sites.

One way of doing this is to enable compression, either globally, or per site. By doing this, content can be compressed by the IIS6 server before being sent, giving savings on bandwidth.

This does rely on support by the web browser being used, but since most do support compression nowadays, it’s well worth doing.

Since I don’t run many sites, I decided to enable compression globally. If you want to do it per site, then look here: Enabling HTTP Compression (IIS6).

So, my first stop was to create a new directory for the compressed files on my D: drive, since I also wanted to move the folder to a new location at the same time. TheĀ  default is at ‘C:\WINDOWS\IIS Temporary Compressed Files’, however I didn’t want the folder to be slap bang in the middle of my Windows directory. If you’re creating a new folder for the first time, then make sure the the IIS_WPG user has full control to the folder, and, if you have an identity for your app pool(s), then they will also need full control.

I then opened up IIS Manager, found the folder marked ‘Web Sites’, that contains all my sites, and right clicked on it. I then selected ‘Properties’, and once the dialog box had opened up, located and selected the ‘Service’ tab.

I then checked the boxes ‘Compress Application Files’ (Dynamic compression), and the box marked ‘Compress Static files’.

I also checked the box to restrict the directory size, and chose to restrict it to 100Mb, after which it will clean out the oldest files.

I clicked ‘Apply’, then ‘Ok’, and that was it, compression enabled!

PHP and IIS have not always got on. My last install was hand crafted, and took some time to get the way I wanted, with the extensions I needed etc.

So, I had the need to install PHP for a customer at work, on what was a new, effectively bare install of IIS, and things have improved somewhat.

After a bit of research, I discovered I needed the following:

1. PHP for Windows, found here: PHP for Windows. Recommended was version 5.3.3 VC9 non-thread safe installer. You may also need the Microsoft 2008 C++ Runtime, which is linked to from the same page.

2. Fast CGI for IIS, found here: Fast CGI for IIS. Follow the on screen instructions to install this.

Since it was a clean install, there were no previous versions involved, I simply installed the Microsoft 2008 C++ Runtime which was appropriate for my OS, installed FastCGI, and finally, ran the PHP 5.3.3 installer, selecting FastCGI from the list presented. I also left the installed extensions as the defaults, however you can opt to install more extensions if you so desire.

By selecting FastCGI, the installer will automatically add the .php extension globally to IIS, so any new sites you create will automatically get the .php extension.

Reboot if you need to, and once the server has restarted, create a file in the root of your default website called ‘phpinfo.php’, and edit it so it contains the following:

<?php
phpinfo();
?>

Using a web browser, visit the default site and specify the phpinfo.php file. If PHP is working, this will display several pages of information about PHP. If not, you’ll need to retrace your steps to see what might have gone wrong.

The most usual problem is that the site does not know what to do with the .php extension, so just check and make sure it matches the global one, and if it doesn’t exist for your site, you can add it using the global definition as a reference.

If you are upgrading, the procedure is much the same, except you must uninstall any previous versions before starting. This will mean your sites are down, so be sure to do it when it will have the least impact. I also took a backup of my old PHP directory as a reference before uninstalling

Also, although the global settings for the .php extension will be updated, you will need to check all your PHP enabled sites to ensure the .php settings match the global settings, or your sites may not work correctly.

That’s it. Not too difficult, just take your time and don’t panic!

The last item I had to move to my D: drive was my web root folder that contained all of my websites.

I moved all but the default website, since that contained my Outlook Web Access, and I was wary of breaking it. As with any procedure, make sure you have good backups, and since this is an IIS 6 procedure, ensure you are running IIS 6 before using it.

The actual procedure is quite simple, since we are simply moving directories, and pointing the websites at the new location. Before proceeding, ensure you’ve checked each site is working, and that you know the location of the folder that contains the sites files.

First things first, start a command prompt, and run the command ‘iisreset /stop’. This will stop all services relating to IIS, and means there will be no locked files to hinder you.

Once the command has completed, locate the folder containing the files for your website. For example, the folder containing the files for this blog were at C:\web\http\Wordpress.

I then copied the entire WordPress folder and its contents to D:\web\http\. The folder was now D:\web\http\Wordpress.

I then made sure the permissions matched those of the folder in it’s original location. i then restarted IIS from the command prompt, using the command ‘iisreset /start’.

I then went to the properties of the website in IIS Manager, and at the home directory tab, changed the path to point at the new location, and restarted just that site.

I then tested the site to make sure all was well before deleting the files from their old locations.

I then repeated for all my other sites. If you want, you can issue the command ‘iisreset /restart’ when you’re done, and this will restart the whole if IIS, just to be on the safe side.

Now my Windows installation has been moved to its new hardware home, in order to improve perfomance, I decided to do the following:

1. Move my Exchange information stores to the new second drive.

2. Move my MSSQL databases to the new second drive.

3. Move my MySQL databases to the new second drive.

4. Move my IIS6 website content to the new second drive.

This should improve overall performance since these items will no longer reside on the same drive as the O/S, and more spindles means better read/write performance.

Since each one of these tasks is not that difficult, I thought I’d share with the world! So keep an eye open, they are coming soon.

As a follow up to my previous post, there is another issue that I came across. Bit of a gotcha.

Because we were upgraded to Premium SSL certs, we didn’t have the newest intermediate CA certificate on our servers, so whilst the certificate was valid, Firefox users experienced issues because the certificate did not appear to be valid.

It was an oversight really, because we’ve not really used Premium certs, there was no need to update the intermediate certificate.

Well, I have updated it now, and all is well, so I am a happy bunny again.

SSL Hell!

I do sometimes wonder why something that worked perfectly well the last time I did it, now doesn’t and has caused me a morning’s worth of worry.

The problem? A simple SSL certificate renewal. Or not so simple, as it turned out.

Usually, we don’t do certificate renewals, because IIS6 seems to have a problem, meaning it doesn’t work properly. Instead, we use a temporary site to generate a CSR, which we then use to generate our new certificate. Once we have the cert, we finish off the outstanding certificate request.

From there, we export it from certificate manager, and import it to where it is needed, usually by double clicking on the pfx file and running through the on screen prompts.

Next we do a simple certificate replace on our three webservers within our cluster.

The problem is, is that during the export from our original server, the private key got munched somehow, which we didn’t know, so once we deployed the cert on our live servers, the site broke quite badly. Despite the broken certificate, it

I was able to find the problem after I installed and ran Microsoft’s SSL Diagnostic tool, which I’d highly recommend if you find yourself in a similar position.

I fixed it in a roundabout way, though I’m not completely sure why it worked.

First, I went back to the server where the original CSR was generated. I then went to the temporary site, and exported the cert using IIS6, and not the certificate management console.

I then copied the resulting PFX file to the destination, and instead of double clicking to import, I opened up certificate manager, selected my certificate store, then right clicked on the store, and selected the ‘Import’ option instead.

Once imported, I did a simple SSL cert replace on the problem site and all was well again.

I’m frustrated that the original method used to work, and that it now, seemingly, doesn’t, but at least having had this happen, if it does happen again, I won’t be so much in the dark.