Microsoft KB Archive/332108

From BetaArchive Wiki

Article ID: 332108

Article Last Modified on 12/3/2007


APPLIES TO

  • Microsoft Internet Information Server 1.01
  • Microsoft Internet Information Services 6.0


This article was previously published under Q332108

IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry


SYMPTOMS

When you upgrade a server with Internet Information Services (IIS) installed to Microsoft Windows Server 2003, you may receive the following warning messages:

The following items are not compatible with Windows. If you continue, you may not be able to use these items, even after Setup is complete.

! IIS World Wide Web Publishing Service(W3SVC) will be disabled during upgrade.

! IIS is being installed on a FAT volume. This will disable IIS security features.

CAUSE

You receive the first message when you upgrade a server that has not run the IIS Lockdown Wizard or configured the RetainW3SVCStatus registry key.

You receive the second message when the partition is formatted as FAT. The warning indicates that installing IIS on a FAT volume disables Windows Server 2003 security features that require the NTFS file system. Microsoft recommends that administrators consider converting from FAT to NTFS before continuing the upgrade. NTFS is generally the recommended file system because it is more efficient and reliable, and NTFS supports important features including Active Directory and domain-based security. Active Directory is necessary for domains, user accounts, and other important security features. NTFS has always been a more powerful file system than FAT and FAT32. Microsoft Windows 2000, Microsoft Windows XP, and the Microsoft Windows Server 2003 family include a new version of NTFS, with support for a variety of features including Active Directory.

RESOLUTION

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

By default, because of increased security measures, the World Wide Web Publishing Service (WWW service) is not enabled after you upgrade from the Windows 2000 Server family with IIS 5.0 unless you do one of the following:

  • For manual or unattended upgrades, run the IIS Lockdown Tool on the computer that is running Windows 2000 Server before you start the upgrade process.The IIS Lockdown Tool reduces the attack surface of your server by disabling unnecessary features, and the tool provides the option to enable and customize features for your site.
  • For manual or unattended upgrades, add the RetainW3SVCStatus registry key to the registry as follows:
    1. Click Start, click Run, type regedit, and then click OK.
    2. Locate and then click the following key in the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC
    3. On the Edit menu, point to New, and then click Key.
    4. Type RetainW3SVCStatus, and then press ENTER.
    5. On the Edit menu, point to New, and then click DWORD Value.
    6. Type do_not_disable, and then press ENTER.
    7. On the Edit menu, click Modify.
    8. Type 1, and then press ENTER.
  • For unattended upgrades, include the entry “DisableWebServiceOnUpgrade = False” in the [InternetServer] section in an unattended installation script.
  • Enable the WWW service after you upgrade:
    1. Click Start, click Administrative Tools, and then click Services.
    2. Right-click World Wide Web Publishing, and then click Properties.
    3. Click the General tab, set Startup type to automatic, and then click Apply.
    4. Click Start to start the service, and then click OK when the service has started.

Important If you do not run the IIS Lockdown Tool, after the upgrade is complete, you must make sure that all unnecessary IIS features have been removed or disabled and that the enabled features are configured with the highest security settings that your organization can support.

For more information about securing the server, see the "What's Changed" and "Security Best Practices" topics in the IIS 6.0 Help. To view this documentation online, visit the following Microsoft Web sites:
http://technet.microsoft.com/en-us/windowsserver/default.aspx

Convert to NTFS

To run IIS securely, you must install IIS on an NTFS partition. Microsoft recommends that you convert to NTFS before you upgrade. If you do not convert to NTFS before you upgrade, you can still convert the drive.

  1. Click Start, click Run, type cmd, and then click OK.
  2. At the command prompt, type the following, and then press ENTER:

    Convert c:/fs:ntfs /v

  3. When you receive the following message, type N, and then press ENTER:

    The type of the file system is FAT32. Convert cannot run because the volume is in use by another process. Convert may run if this volume is dismounted first. ALL OPEN HANDLES TO THIS VOLUME WOULD THEN BE INVALID. Would you like to force a dismount on this volume?

  4. When you receive the following message, type Y, and then press ENTER:

    Convert cannot gain exclusive access to the C: drive, so it cannot convert it now. Would you like it to be converted the next time the system restarts <Y/N>?

  5. When you receive the following confirmation, restart the server to complete the conversion process:

    This conversion will take place automatically the next time the system restarts.


REFERENCES

For additional information about the IIS Lockdown Tool, click the following article number to view the article in the Microsoft Knowledge Base:

325864 HOW TO: Install and Use the IIS Lockdown Wizard


For additional information about converting to NTFS, click the following article number to view the article in the Microsoft Knowledge Base:

314097 How to Use Convert.exe to Convert a Partition to the NTFS File System


For additional information about securing IIS without running the Lockdown Tool, click the following article number to view the article in the Microsoft Knowledge Base:

814874 INFO: How to Configure Security by Using IIS 6.0


For more information about the NTFS file system, see the product documentation for Windows Server 2003. To view this documentation online, visit the following Microsoft Web site:

Choosing a file system for the installation partition
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/proddocs/entserver/choosing_a_file_system.asp



Additional query words: iis 5

Keywords: kbprb kbpending KB332108



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/332108&oldid=331574
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki