Microsoft KB Archive/316327

= IIS: An Error Is Displayed When You Run the IIS Lockdown Tool Version 2.1 =

Article ID: 316327

Article Last Modified on 11/21/2006

-

APPLIES TO


 * Microsoft Internet Information Server 4.0
 * Microsoft Internet Information Services 5.0
 * Microsoft Internet Information Services 5.1

-



This article was previously published under Q316327



We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx



SYMPTOMS
In some situations, you may not be able to install the Internet Information Services (IIS) Lockdown Tool 2.1 on a server and the following option is displayed in the Internet Information Services Lockdown Wizard:

undo previous configuration and restore metabase to original configuration

When you attempt to apply the IIS Lockdown Tool, the wizard fails and it cannot perform a successful uninstall nor can it remove the configuration. You also receive the following error message:

This Server Was Already Configured

This server was already configured using the Internet Information Services Lockdown Wizard. To view the current settings, open the OBLT-Log.Log file in the \system32\inetsrv directory.

To restore the original settings, click Next. After these settings have been restored, run this wizard again.

NOTE: This is an expected behavior if you have previously installed the tool, but not if you have never installed it.



CAUSE
This behavior occurs because when you run the IIS Lockdown Tool 2.1, the following events occurs during the installation that allow the tool to reverse itself in the future:
 * The Oblt-rep.log file is created in the \System32\Inetsrv folder. This file contains a summary of the installation process and it is generated after the installation.
 * The following two metabase backup files are created and placed in \System32\Inetsrv\Metaback folder:
 * Oblt-once.md0
 * Oblt-mb.md0



RESOLUTION
To allow the wizard to run disregarding any previous installations, locate the following files and delete them (or move them to a different location):
 * Oblt-rep.log
 * Oblt-once.md0
 * Oblt-mb.md0

NOTE: This folder also houses any manually created backup files by default. You should only delete or move the files that start with the following string:

oblt

By deleting or moving these files, the wizard should be able to run successfully thereby allowing changes to the metabase.

Additional query words: iis 5 lockdown harden security wizard

Keywords: kbprb kbpending KB316327

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.