Dec 14, 2014
 

Regardless of whether you are running Windows Server 2012 on a virtual server or a physical server, the success of your business depends on having the server run at optimal capacity. To ensure the server delivers uninterrupted service, you have to be aware of potential performance issues before they arise.

One of the best methods to analyze the performance of Windows Server 2012 is with Performance Monitor and a User Defined Data Collector. With this tool the identification and analysis of potential performance issues has never been easier. Upon completion, a detailed summary report will be generated providing immediate insight into key aspects of the server’s performance such as Disk IO, CPU, and RAM as well as network utilization. Reading the report summary is simplified further with the use of green, red and yellow icons that call your attention to any irregularities. Additional in-depth metrics are contained in collapsible sections of the report below the Summary.

Creating a New Data Collector

To create a new User Defined Data Collector simply open Performance Monitor, right-click on User Defined, and select Data Collector Set. A wizard will launch to guide you through creating a new Data Collector. Once created the Data Collector will be available to run as frequently as needed. Each time it runs a new report will be created.

The first step will be to enter the name of your report. I usually specify “Performance” somewhere in the name since that is the type of Data Collector I am planning on running. Choosing the default option of Create from the template is recommended. Click on Next to continue.

The next step will be to choose the Data Collector Template that you want to use. I am going to choose System Performance. Click on Next to continue.

Next you will be prompted to choose a path to store the report data. Depending on how long your report runs and how frequently you run it the reports can consume a lot of space. In the event that your server has multiple disk drives, it would be better to select the larger drive for storing the reports. Click Next to continue.

Leave <Default> for the Run as: user context. You can change that later if needed. We need to configure some additional settings before running so select Open properties for this data collector set and then click Finish.

Additional Data Collector Properties

Before running your new data collector there are a few properties that you want to double check first.

Setting the Stop Condition

With the properties open, click on the Stop Condition tab so that you can enter a specific period of time for the Data Collector to run. It is important to set a Stop Condition before running, otherwise it will continue to run indefinitely until you manually stop it. As I noted earlier, not only can the logs take up disk space but running a Data Collector for an extended period of time can also impact server performance, so specifying a Stop Condition is a good idea. For short tests I typically set 20-30 minutes. For longer tests I’ll set 2-3 hours.

Setting a Recurring Schedule

Chances are you may already be aware of a performance problem on your server and need to isolate the analysis window to a specific day or time period. Clicking on the Schedule tab will enable you to specify multiple dates and times to run the Data Collector. This could be especially helpful if your server gets busy with after-hours utilization and you’re not available to start the data collector manually.

You can even select a date range to run the data collector on specific days of the week during that period of time.

Once you’ve finished setting the properties of the data collector just right-click on the name to run it manually or wait for the schedule to start it automatically.

Viewing the Summary Report

You will be able to view and analyze the report generated by the Data Collector once it has completed running. If you try to view the report before it has completed you will be notified that the Data Collector is still running. The report is located under the User Defined Reports section of Performance Monitor.

The overall performance of the server is displayed at the top of the report in the Summary. Anything requiring your immediate attention is noted in the Diagnostic Results section. In the picture below we can see that the server clearly needs additional RAM to alleviate the disk paging that is occurring. The Resource Overview offers an easy to read chart of the server’s core resources of CPU, Network, Disk, and Memory. The status of each of these is indicated with Green, Yellow, or Red icons.

[image]

Below the Summary are collapsible sections that offer more detailed insight into the server’s CPU, Network, Disk, and Memory utilization. Here are two examples of the additional data that is available:

CPU Utilization

In the picture below we can see that one IIS worker process was consuming nearly 80% of the server’s CPU utilization. Performing additional analysis with Log Parser on the web site’s web logs would help identify the problems this particular web site is experiencing.

[image]

Disk IO

Some cloud server providers will charge overage fees for excessive disk IO so it’s important to know what’s happening there. In the Disk summary there is a helpful report that shows exactly what files on your server are consuming the most IO. This report is aptly named Files Causing Most Disk IOs. In the picture below we can see that pagefile.sys is causing a lot of disk IO. This is a good indication that the server could benefit from additional RAM thereby reducing the amount of disk paging that is occurring.

[image]

Viewing the Data Counters

In addition to reading the data collector report you also have the ability to view the raw counter data. From this view you can select all the counters that were collecting data or only a few and play back the utilization as it occurred.

In Summary

Windows Server 2012 offers several tools for analyzing your server’s performance. The Performance Monitor Data Collector offers comprehensive insight into resource utilization and makes it easy to quickly identify performance bottlenecks. Thanks for reading.

Peter Viola

Creative, customer focused, results oriented, Senior Web Systems Engineer who enjoys providing the highest level of customer service supporting complex Windows hosting solutions. MCITP, MCSA, MCTS


Nov 29, 2014
 

When your Windows server is low on space or runs out of space entirely you need to quickly identify where the disk space is being utilized and free up space. Low disk space or worse yet no disk space can have a negative impact on your server’s performance. Knowing the paths to a few folders that typically eat up space such as web logs isn’t enough when you need to free up space ‘now’. In this situation you need a graphical tool that can quickly analyze an entire disk drive or even multiple drives and show you how the server’s space is being utilized. Fortunately for Windows server admins JDiskReport and WinDirStat are two such tools and better still they are both free.

Using JDiskReport

JDiskReport is a free graphical disk space tool from jgoodies.com. Unlike some of those other free tools companies provide that require you to register your product before it works or that you have to pay to unlock features, JDisk is ready to use as soon as it’s installed and it’s feature complete. Installation of JDisk is straightforward and quite simple.

Before you install JDisk you should know that it requires the Java Runtime to run. If the Java Runtime is missing and you install JDisk, it will prompt you to locate the path to the Java Runtime. Once you’ve downloaded JDisk to your server just launch the installation wizard. The only additional step of the wizard will be to specify the path where you want it to be installed.

Once installation has completed you will be presented with the default starting screen. Any previous paths that you’ve analyzed will be displayed for added convenience. You can select the entire disk drive or a specific folder on the server.

Unless I have a specific folder in mind I typically pick the entire disk drive. Within a few minutes, after initiating a directory scan, you will see a detailed analysis of the server’s disk space utilization. This report is more than just a pretty picture. Not only can you click on any folder of the navigation tree to drill down more but you can also click on any part of the pie chart to see subdirectories.

[image]

In the picture above we can see that the Windows folder is using the most space but that is to be expected on a C: drive. Looking more closely I can see that on this server C:\temp is using over 9 GB and that’s unusual so there are probably some files in there I can delete which will free up valuable space. In addition to the colorful chart you can also get a detailed file list and sort that according to size. In the picture below we can see a more detailed look at C:\temp.

[image]

Within minutes of running the scan, JDisk has helped me find several large files which can be deleted.

Using WinDirStat

WinDirStat can be downloaded from windirstat.info and is available in 12 different languages. It offers some interesting features such as an option to delete files and a color coded treemap as well as disk space utilization based on file type. Installing WinDirStat is just as simple as installing JDisk. Upon launching the wizard you’ll be prompted to accept the GNU GPL. After that you just need to choose the features and then pick the installation path.

When the program first opens, it will display all of the disk drives available for analysis. If your server happens to have any network drives mapped, they will also be displayed. Here you have the option to scan all the drives on the server, just one drive, or a specific folder.

Scanning the disk drive completes quickly however it’s hard to say whether WinDirStat is faster or slower than JDisk. The speed of both programs will ultimately depend on how much data is being analyzed and the server hardware configuration such as processor speed and disk drive speed. Once it completes you are presented with a detailed analysis of the disk space utilization. Clicking on any folder in the tree view enables you to drill down in the directory tree.

From the application menu you can toggle showing the utilization by file type and see the treemap. Although the treemap and file type analysis are helpful, I prefer to just use the directory list because when I’m working on a server that’s running out of disk space, I need to get it resolved quickly.

In Summary

Having enough free disk space is a necessity for Windows servers to perform optimally. Graphical tools like JDiskReport and WinDirStat make it easy to identify where your server’s disk space is being consumed. Both are capable programs and work quickly to analyze disk space utilization. If I had to choose only one, I would pick WinDirStat because it doesn’t require any additional software to operate. Thanks for reading.


Nov 07, 2014
 

When it comes to improving Windows server performance, most sysadmins focus on hardware such as adding CPUs or RAM. However, low disk space can also impact performance, sometimes even causing critical processes such as backups to fail. Fortunately there are quite a few places to check on a Windows server to free up additional disk space. Some places to check are obvious, such as cleaning up log files, while other places are not as obvious, such as finding system temp files.

How to See System Files

Before searching for additional space you need to ensure that Windows Explorer will display hidden system files and file extensions. To confirm you can see these, open Windows Explorer and go to Folder & Search Options.

Click on the View tab and select Show hidden files, folders, and drives. Uncheck Hide protected operating system files and Hide extensions for known file types. Making these changes will allow you to see all the files on the server including system files and folders which could be taking up unnecessary space. Click OK to close the window.

Before deleting anything always double check that you really don’t need the files any more and it’s safe to delete. Here are the top places that I check when I need to free up disk space on a Windows server.

1. Empty Recycle Bin

Cleaning up the recycle bin is most likely the easiest way to purge files unnecessarily taking up space. When you need to quickly clean up space this is the first place to check. It is surprising how much space can accumulate over time. Every disk volume on the server has a $recycle.bin folder. As mentioned above you won’t be able to see it until you enable viewing system folders. In the picture below you can see there are plenty of deleted files waiting to be purged. Just select all the folders and right-click to delete them.

[image]

2. Compress IIS Log Files

The next thing I do when I need to free up disk space is to compress the IIS site log files. The default path to these files is %SystemDrive%\inetpub\logs\LogFiles. However, I prefer to redirect that path to something easier to find at the root of the disk drive such as C:\wwwlogs. If the server has multiple drives I will store them on the largest drive. Unless you disable your site logs they will automatically grow until the disk drive has filled up or they are deleted. Enabling Windows file compression on the IIS logs directory tree will save a considerable amount of disk space.

[image]

To enable Windows file compression, just right-click on the logs folder and select Properties. Click the Advanced button as shown in the picture above and select Compress contents to save disk space. Click OK to close the window. Depending on how much content you have in the directory tree it may take several minutes to complete.

[image]

The picture above is from an IIS logs folder where I enabled compression and as you can see it saved 62% of the space being utilized by the log files. You can squeeze even more free space from your IIS log files by zipping them with an archiving program. In a recent walkthrough of mine I show how to manage IIS logs with GZipStream.

3. Compress SQL Server Backups

The SQL Server backup folder is another great place to check when you need to free up some disk space. You can use the steps above to apply Windows file compression as well as zipping the files to free up additional disk space. In the photo below the SQL Server backup folder is using 1.8 GB of space without any compression.

[image]

After applying compression to this folder I was able to save approximately 60% of the disk space used by the backups. By zipping the files as well you can save even more space. Depending on your particular business needs, you can also save additional disk space by limiting the number of backups SQL Server stores on the server. This can be configured with a SQL Server Maintenance Plan.

4. Cleanup Performance Monitor Reports

Windows Performance Monitor is an invaluable tool to analyze performance on a Windows server. Within minutes, one can easily configure a Data Collector to get deep insights on CPU, RAM, Network IO, and Disk IO. However, this convenience can also lead to disk space being needlessly consumed when you have forgotten about the reports days or weeks after the analysis has completed. This will be even more apparent if someone forgets to set a Stop Condition on the Data Collector and leaves it running for days.

The default path for the logs is usually C:\PerfLogs. The report path is also clearly shown in the Data Collector properties. Once your analysis has completed and you’ve reviewed the reports you can delete them. Applying Windows file compression to the reports folder as shown above will also help save disk space.

5. Cleanup Windows Error Reports

Windows Error Reporting is an exceptional tool for identifying issues on your server. Unless you delete the logs or disable the feature they will accumulate over time. The default path to WER reports is C:\ProgramData\Microsoft\Windows\WER and there are two sub-directories below it. You can delete the files in the folders but you should leave the 2 folders in place. This is another great place to apply Windows file compression to save more space.

6. Cleanup Windows Temp Files

There are several paths on Windows servers that are used temporarily when installing updates or new programs. In many cases Windows will automatically delete these files after the installation has completed. However sometimes you’ll need to manually delete them yourself. One such folder is C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp. In the picture below I was able to free up nearly 1 GB by deleting Malware Protection updates that had not been properly removed after they were installed.

[image]

Here are some other possible locations to look for temporary files that can be removed:

  • C:\temp
  • C:\Users\Default\AppData\Local\Temp
  • %localappdata%\Microsoft\Windows\Temporary Internet Files
  • %localappdata%\Microsoft\Windows\Explorer
  • %windir%\ServiceProfiles\LocalService\AppData\Local\Temp
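A read-only way to size up the locations from sections 1 through 6 before deleting anything, as an added PowerShell example that is not part of the original post. The path list is taken from the text above; Get-FolderSize and Get-CleanupCandidateReport are names made up for this example, and the SQL Server backup folder is left out because the post does not give its path.

```powershell
# Added example: size up the cleanup candidates named in this post. Read-only:
# nothing is deleted. Needs PowerShell 3.0 or later; run it elevated, because
# several of these folders are not readable by a standard user.

# Paths taken from the text above. C:\wwwlogs is the author's own redirect
# target and may not exist on your server. %localappdata% expands to the
# profile of the account running the script.
$CandidatePaths = @(
    '%SystemDrive%\inetpub\logs\LogFiles',
    'C:\wwwlogs',
    'C:\PerfLogs',
    'C:\ProgramData\Microsoft\Windows\WER',
    'C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp',
    'C:\temp',
    'C:\Users\Default\AppData\Local\Temp',
    '%localappdata%\Microsoft\Windows\Temporary Internet Files',
    '%localappdata%\Microsoft\Windows\Explorer',
    '%windir%\ServiceProfiles\LocalService\AppData\Local\Temp'
)

function Get-FolderSize {
    param([Parameter(Mandatory)][string]$Path)

    $bytes  = [long]0
    $count  = 0
    $oldest = $null

    # -Force includes hidden and system files. Items that cannot be read are
    # collected in $scanErrors instead of stopping the scan.
    Get-ChildItem -LiteralPath $Path -Recurse -Force -File `
            -ErrorAction SilentlyContinue -ErrorVariable scanErrors |
        ForEach-Object {
            $bytes += $_.Length
            $count++
            if ($null -eq $oldest -or $_.LastWriteTime -lt $oldest) {
                $oldest = $_.LastWriteTime
            }
        }

    [pscustomobject]@{
        Path        = $Path
        Files       = $count
        SizeMB      = [math]::Round($bytes / 1MB, 1)
        OldestWrite = $oldest             # how long files have been sitting here
        Unreadable  = $scanErrors.Count   # non-zero means the size is an undercount
    }
}

function Get-CleanupCandidateReport {
    param([string[]]$Path = $CandidatePaths)

    $targets = @($Path | ForEach-Object { [Environment]::ExpandEnvironmentVariables($_) })

    # Every fixed volume has its own $Recycle.Bin (single quotes keep the $ literal).
    foreach ($drive in [System.IO.DriveInfo]::GetDrives()) {
        if ($drive.DriveType -eq [System.IO.DriveType]::Fixed -and $drive.IsReady) {
            $targets += Join-Path $drive.RootDirectory.FullName '$Recycle.Bin'
        }
    }

    # Skip anything that does not exist on this server.
    foreach ($target in ($targets | Select-Object -Unique)) {
        if (Test-Path -LiteralPath $target -PathType Container) {
            Get-FolderSize -Path $target
        }
    }
}

Get-CleanupCandidateReport |
    Sort-Object SizeMB -Descending |
    Format-Table Path, SizeMB, Files, OldestWrite, Unreadable -AutoSize
```

A non-zero Unreadable count usually means the session is not elevated, so rerun it as an administrator before trusting the totals.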

7. Windows Disk Cleanup Tool

Trying to remember all the paths to temporary files can be a daunting challenge for any sysadmin. Fortunately Microsoft recognized this as well. On Windows Server 2008 R2 and Windows Server 2012 or later, you can get a Disk Cleanup tool like the one on the desktop versions of Windows. However, to take advantage of this you need to install the Desktop Experience feature which is available using the Server Manager’s Add Features Wizard. Just check the feature and then complete the wizard.

After the feature has been installed you can access the Disk Cleanup tool from the Control Panel. You will have a convenient way to clean up different types of temporary files including Windows Update files and Windows Error Reporting files.

This tool is very helpful with cleaning up disk space. However, you should be aware that there will be some additional programs installed along with the Disk Cleanup tool which you may not want on your server such as Media Player. Here is a complete list of the programs that are installed with the Desktop Experience.

8. Windows Server 2008

All of the options listed above will also work on Windows Server 2008 systems. However, specifically on Windows Server 2008 SP2 servers, you can make the service pack permanent and free up space by running the following command, which should free up nearly 1GB of disk space on the server:

  • compcln.exe /VERBOSE:C:\temp\compcln.txt

9. Windows Server 2003

Windows Server 2003 “end of life” is July 14, 2015. If you haven’t started migration plans for legacy systems on that platform then you need to start planning for it asap. A great place to clean up space on Windows Server 2003 is to delete the hotfix uninstall files. Imagine my surprise when I logged into the server below to work on a low disk space situation and I found over 1 GB of these legacy files going back to 2011. There are also files in the C:\windows\$hf_mig$ folder that can be cleaned up. However, it’s always a good idea to wait at least a week or two before deleting these files in case you need to roll back one of the hotfixes.

[image]

One additional way to free up space would be to create a symbolic link from one directory to another on a larger disk drive. Mark Russinovich’s free Junction tool makes it very easy to do this, however you have to be careful when doing this or you can inadvertently cause problems for yourself. Be sure to make a backup before using it the first time.

In Summary

Having your Windows server run out of space can cause serious performance issues as well as prevent important backup processes from running. I covered several great places to check on a Windows server when you need to free up space. Always confirm that files are safe to delete before you delete them. Thanks for reading.


Aug 09, 2014
 

One of the many benefits of using virtual servers over physical servers is the ability to add server resources such as CPU, RAM, and disk space on the fly without downtime. An additional drawback of a physical server is that you were often limited by the physical capacity of the server. Once those limits were reached the server couldn’t be upgraded further. Adding resources also required powering off the server which in turn would require coordinating with business owners and impacted users. Not all editions of Windows support hot-add so be sure to confirm your server is supported before starting. In this walkthrough I’ll show how easy it is to add server resources using VMware’s vSphere client.

Logging into vSphere Client

After authenticating on my network with the VMware vSphere 5.5 client I go to Hosts and Clusters under Inventory. From here I have access to all the virtual servers configured in our environment. After selecting the server to be upgraded you will see the Getting Started tab. From here you have access to the usual administrative tasks such as starting, stopping, and restarting the server as well as performance reporting and events about the server. Click Edit virtual machine settings to add resources.

Enabling RAM and CPU Hotplug

Adding the additional resources is straightforward. However when you begin you may find the CPU and Memory properties disabled. This indicates that the server has not been previously enabled for hot adding resources. In this instance the server will need to be shut down before you can upgrade these resources.

Fortunately fixing this for future upgrades is a simple matter. When the server is powered down click on the Options tab of the Virtual Machine Properties. Under the Advanced settings go to the Memory/CPU Hotplug properties. Click Enable memory hot add and Enable CPU hot add. Click OK to save the changes. After the server is powered back on you will now be able to add CPU and Memory without having to first shut down the server.

To add additional virtual CPUs simply increase the Number of virtual sockets and click OK to save the changes.

To add additional Memory to the server adjust the Memory Configuration accordingly and click OK to save.

Adding Additional Disk Space

In addition to adding CPU and Memory to the server during this maintenance window I am also going to add disk space. Adding additional disk space is just as straightforward as adding CPU and Memory. In the Virtual Machine Properties on the Hardware tab go to the Hard disk settings. Increase the Provisioned Size by the new amount and click OK to save the changes. Windows will not automatically recognize the new space so the final step of the upgrade will be to log into the server and Extend the server’s disk drive. This can either be accomplished using vSphere’s server console window or by connecting to the server with Remote Desktop.

Extending Windows Disk Space

After logging into Windows open the Computer Management snap-in. In the console tree click on Disk Management under Storage. You may need to Rescan the disk before Windows will see that the new space is available.

Step through the Extend Volume Wizard to allocate the additional space on the existing volume.

In Summary

VMware vSphere offers System Administrators complete control over virtual server properties. Adding additional CPU, RAM, and disk space is straightforward and in many cases can be performed without having to shut down the server. To help minimize downtime of your next maintenance window, double check that the edition of your Windows server supports hot-add and confirm the Memory/CPU Hotplug property has been enabled. Thanks for reading.


Aug 07, 2014
 

The FTP protocol is some 43 years old now. Yet it continues to be one of the most widely used file transfer technologies available. Over the years it has been shown to be vulnerable to brute force attacks, packet capture, and other attack vectors. Fortunately with IIS 8 on Windows Server 2012 your FTP server doesn’t have to be vulnerable. It goes without saying that FTP Authentication and Authorization are the most fundamental methods to secure your server. Here are three additional things you can do to increase the security of your server’s FTP service and minimize its attack footprint.

IIS 8 FTP Logon Attempt Restrictions

One of the most common FTP attack vectors is the dictionary attack. Using automated tools hackers will repeatedly hammer your FTP site with thousands of username and password combinations hoping to find that one account with an easy password. In the picture below you can see just a snippet of this automated activity. Fortunately none of these attempts were successful.

[image]

IIS 8 now features FTP Logon Attempt Restrictions. This powerful feature is not available in IIS 7 or IIS 7.5. Once configured, automated logon attacks will be stopped in their tracks. From IIS Manager simply click on FTP Logon Attempt Restrictions.

Configuring the FTP Logon Attempt Restrictions module is easy. Simply choose how many logon attempts are to be allowed and the time period for them to occur. When you consider that most FTP clients will save passwords in a profile, legitimate users on your FTP site should only need 1-2 logon attempts. However, depending on how many FTP users you’re hosting and their technical savvy you may need to tweak these settings.

Testing my FTP site now with the new logon attempt restrictions it is easy to see how well it works. After the threshold is exceeded my connection to the server is forcibly closed. Automated hack attempts will no longer be a threat to this FTP server.
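To choose the attempt count and time period from evidence rather than guesswork, the failed logons already recorded in the FTP log can be counted per client address over a sliding window. This is an added PowerShell example, not part of the original post; the log lines are constructed, and the field layout, the 530 reply to PASS, the threshold values and the function name Get-FtpFailedLogonBurst are assumptions to adjust to your own log's #Fields header.

```powershell
# Added example: count failed FTP logons per client IP inside a sliding window.
# Constructed sample data in W3C log format, not real traffic.
$sampleLog = @'
#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem sc-status sc-win32-status
2014-08-07 02:15:01 203.0.113.45 - 192.0.2.10 21 USER administrator 331 0
2014-08-07 02:15:01 203.0.113.45 - 192.0.2.10 21 PASS *** 530 1326
2014-08-07 02:15:03 203.0.113.45 - 192.0.2.10 21 USER admin 331 0
2014-08-07 02:15:03 203.0.113.45 - 192.0.2.10 21 PASS *** 530 1326
2014-08-07 02:15:05 203.0.113.45 - 192.0.2.10 21 USER test 331 0
2014-08-07 02:15:05 203.0.113.45 - 192.0.2.10 21 PASS *** 530 1326
2014-08-07 02:15:07 203.0.113.45 - 192.0.2.10 21 USER backup 331 0
2014-08-07 02:15:07 203.0.113.45 - 192.0.2.10 21 PASS *** 530 1326
2014-08-07 02:15:09 203.0.113.45 - 192.0.2.10 21 USER webmaster 331 0
2014-08-07 02:15:09 203.0.113.45 - 192.0.2.10 21 PASS *** 530 1326
2014-08-07 09:30:10 198.51.100.7 - 192.0.2.10 21 USER ftpuser1 331 0
2014-08-07 09:30:12 198.51.100.7 - 192.0.2.10 21 PASS *** 530 1326
2014-08-07 09:30:20 198.51.100.7 - 192.0.2.10 21 USER ftpuser1 331 0
2014-08-07 09:30:24 198.51.100.7 SRV\ftpuser1 192.0.2.10 21 PASS *** 230 0
'@ -split "`r?`n"

function Get-FtpFailedLogonBurst {
    param(
        [string[]]$Line,
        [int]$MaxFailures = 4,           # example threshold, not a recommendation
        [timespan]$Window = '00:00:30'   # example time period
    )

    $fields   = @()
    $lastUser = @{}   # client IP -> name sent in the most recent USER command
    $byClient = @{}   # client IP -> @{ Times = failure times; Users = names tried }

    foreach ($entry in $Line) {
        # Column order comes from the #Fields header, so custom layouts still parse.
        if ($entry -like '#Fields:*') {
            $fields = @(($entry -replace '^#Fields:\s*', '').Trim() -split '\s+')
            continue
        }
        if ([string]::IsNullOrWhiteSpace($entry) -or $entry -like '#*') { continue }

        $values = @($entry.Trim() -split ' ')
        if ($fields.Count -eq 0 -or $values.Count -ne $fields.Count) { continue }

        $row = @{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $values[$i] }
        $ip = $row['c-ip']
        if (-not $ip) { continue }

        if ($row['cs-method'] -eq 'USER') {
            $lastUser[$ip] = $row['cs-uri-stem']
        }
        elseif ($row['cs-method'] -eq 'PASS' -and $row['sc-status'] -eq '530') {
            if (-not $byClient.ContainsKey($ip)) {
                $byClient[$ip] = @{ Times = @(); Users = @{} }
            }
            $stamp = [datetime]::ParseExact(
                ('{0} {1}' -f $row['date'], $row['time']),
                'yyyy-MM-dd HH:mm:ss', [cultureinfo]::InvariantCulture)
            $byClient[$ip]['Times'] += $stamp
            if ($lastUser.ContainsKey($ip)) {
                $byClient[$ip]['Users'][$lastUser[$ip]] = $true
            }
        }
    }

    foreach ($ip in $byClient.Keys) {
        # Two-pointer sliding window: most failures seen within any $Window span.
        $times = @($byClient[$ip]['Times'] | Sort-Object)
        $worst = 0
        $start = 0
        for ($end = 0; $end -lt $times.Count; $end++) {
            while (($times[$end] - $times[$start]) -gt $Window) { $start++ }
            $worst = [math]::Max($worst, $end - $start + 1)
        }
        [pscustomobject]@{
            ClientIP      = $ip
            FailedLogons  = $times.Count
            WorstInWindow = $worst
            NamesTried    = @($byClient[$ip]['Users'].Keys | Sort-Object) -join ', '
            OverThreshold = ($worst -gt $MaxFailures)
        }
    }
}

Get-FtpFailedLogonBurst -Line $sampleLog |
    Sort-Object WorstInWindow -Descending |
    Format-Table -AutoSize
```

For a real log, pass the output of Get-Content on the FTP log file as -Line. Many different names tried from one address in a short span is the dictionary-attack pattern described above, while a single repeated name is more likely a user with a stale saved password.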

Enable FTP Over SSL with IIS 8

The FTP protocol wasn’t originally designed for encryption. Fortunately with IIS 8 (and IIS 7) your FTP sessions can now be encrypted with SSL. To configure FTPS, also known as FTP Over SSL, open IIS Manager. You can either specify using SSL when adding FTP Publishing to a site or alternatively just go to the FTP SSL Settings on an existing site. Connecting with SSL can either be optional or you can force all connections to use it. Using the drop down menu choose the certificate that you want to be used to encrypt the connections. Windows Server 2012 has a default certificate available however you are also welcome to install your own 3rd party certificate.

After you’ve configured the SSL settings on the server you just need to change your FTP client connection properties. In the picture below I’m using a legacy version of Cute FTP 8.0. Depending on which FTP client you’re using your protocol menu will look different.

[image]

Having changed my FTP client settings I attempt to connect to the server using SSL. The first time you connect to the server you will be prompted to accept the new SSL certificate. The log snippet below shows that my FTP session is being properly established with SSL. My communication with the server is now secure and protected. Here is a more detailed walk through of configuring FTP over SSL on IIS 8.

[image]

Configuring IIS 8 FTP User Isolation

When IIS 7 was released the FTP service had been completely redesigned from the ground up with security in mind. This was a welcome change indeed from IIS 6. In addition to supporting FTP over SSL it introduced FTP User Isolation. Multiple users on the same FTP site could be separated regardless of which file path they were being logged into without risk of someone traversing up parent paths to other user folders.

The FTP Authorization rules make it easy to identify multiple users or even local groups to have access to the FTP server. The user isolation is accomplished by creating a virtual directory called LocalUser and then choosing User name directory (disable global virtual directories). The LocalUser virtual directory should point to the FTP root directory and then you create a separate virtual directory for each FTP user which points to their destination path.

With FTP User Isolation configured your users will never be able to move up to a parent path beyond their individual root directory. Even if a user were able to correctly guess the username and virtual path of another FTP account on the server they will not be able to reach it. Due to the confines of the isolation the FTP session cannot see anything else on the server. In the example below I log in with local account ftpuser2 and attempt to change the path to /ftpuser1 however that path does not exist and therefore is not accessible to my user. Here is a more detailed walkthrough of configuring FTP User Isolation on IIS 8.

[image]

In Summary

IIS 8 on Windows Server 2012 offers the most secure FTP service of any IIS version to date. You have multiple layers of FTP security available by leveraging FTP Logon Attempt Restrictions, FTP Over SSL, and FTP User Isolation. Your FTP server will be well protected using these built-in modules. With internet security there is no ‘patch’ for complacence. More security is always better so implement it when it’s readily available to you. Thanks for reading.


Jun 30, 2014
 

One of the many great new features with IIS 8 on Windows Server 2012 is Server Name Indication (SNI). SNI is a TLS extension that includes the hostname or virtual domain name during SSL negotiation. The reasoning behind this was to improve SSL scalability and minimize the need for dedicated IP addresses due to IPv4 scarcity. This means that you can now host multiple SSL certificates on a web server with only 1 IP address. With previous versions of IIS you were forced to bind SSL certificates with unique IP addresses and the only workaround available for hosting multiple SSL certificates with 1 IP address was to use a wild card certificate. In this walkthrough I will show how to leverage hosting multiple certificates using SNI.

Web Hosting Certificate Store

A new certificate store was created for Windows Server 2012 called the Web Hosting store. It is similar to the Personal store however it has been designed to support a significantly higher number of certificates with only a minimal performance impact on the server. On Windows Server 2012 certificates are now loaded on-demand in memory. Previously on older versions of Windows Server all certificates on a server would be loaded from just one GET request. The end result of this was high memory usage and limited scalability.

sni6

Hosting Multiple Sites Using 1 IP Address

On my test server I have 3 sites configured using host headers and 1 IP address.

sni2

I have already imported 3 SSL certificates and you can see they are in the Web Hosting certificate store. Installing the certificates is straightforward but I am not going to cover that in this blog post. However, if you need help with installing certificates then here are the steps to follow.

sni1

Enabling Server Name Indication

Server Name Indication (SNI) is enabled on the site binding properties by clicking the Require Server Name Indication checkbox. Click OK to save the settings and then close the Site Bindings window.

sni3

Now I have added an SSL certificate for each site and enabled Server Name Indication on each site’s SSL binding. The certificates have been correctly added to the Web Hosting store to ensure scalability. Looking at IIS Manager below we can see that the https binding of each site is sharing the same IP address. With previous versions of IIS this would not have been possible because the other 2 sites would have automatically been stopped.

sni4

Using an elevated command window you can see the new SSL binding type by running the following command:

netsh http show sslcert

The picture below shows the SSL bindings for the 3 sites and the hostname is now included with port 443. Running this command on Windows Server 2008 you would only see the IP address and 443.

sni7
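The binding steps above can also be scripted and audited. This is an added example, not part of the original post: it uses the WebAdministration module to create an SNI binding from a certificate in the Web Hosting store and to list every https binding with its SNI flag and certificate store. The function names, site name, host name and thumbprint are placeholders.

```powershell
# Added example, not from the original post. Run elevated on the IIS 8 server.
Import-Module WebAdministration

function Add-SniBinding {
    param(
        [Parameter(Mandatory = $true)] [string] $SiteName,
        [Parameter(Mandatory = $true)] [string] $HostName,
        [Parameter(Mandatory = $true)] [string] $Thumbprint
    )
    # Fail early if the certificate is not in the Web Hosting store.
    $cert = Get-Item -Path "Cert:\LocalMachine\WebHosting\$Thumbprint" -ErrorAction Stop

    # SslFlags 1 corresponds to the "Require Server Name Indication" checkbox.
    New-WebBinding -Name $SiteName -Protocol https -Port 443 -IPAddress '*' `
        -HostHeader $HostName -SslFlags 1

    # Attach the certificate to the binding that was just created.
    $binding = Get-WebBinding -Name $SiteName -Protocol https -Port 443 -HostHeader $HostName
    $binding.AddSslCertificate($cert.Thumbprint, 'WebHosting')
}

function Get-HttpsBindingReport {
    Get-WebBinding -Protocol https | ForEach-Object {
        # bindingInformation is "IP:port:hostname"; the pattern also copes with IPv6 literals.
        $info = [regex]::Match($_.bindingInformation, '^(?<ip>.*):(?<port>\d+):(?<host>[^:]*)$')
        # The owning site name is only available from the binding's configuration path.
        $site = [regex]::Match($_.ItemXPath, "@name='([^']+)'").Groups[1].Value

        [pscustomobject]@{
            Site        = $site
            IPAddress   = $info.Groups['ip'].Value
            Port        = $info.Groups['port'].Value
            HostName    = $info.Groups['host'].Value
            RequiresSni = (($_.sslFlags -band 1) -ne 0)
            CertStore   = $_.certificateStoreName
            Thumbprint  = $_.certificateHash
        }
    }
}

# Example calls (placeholder values):
# Add-SniBinding -SiteName 'site1' -HostName 'www.site1.example' -Thumbprint '<certificate thumbprint>'
# Get-HttpsBindingReport | Format-Table -AutoSize
```

In the report, an https binding that shares the IP address but shows RequiresSni as False, or a CertStore other than WebHosting, is one that was not set up the way this walkthrough describes.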

In Summary

Windows Server 2012 and IIS 8 offer many new features and performance improvements for hosting sites. Server Name Indication (SNI) offers impressive SSL scalability with the addition of the Web hosting certificate store. Now you can host multiple unique certificates on multiple sites using only 1 address. Implementing SNI offers greater site density on web servers with only a minimal memory impact. Thanks for Reading.


Dec 27, 2013

Thanks to Microsoft’s Web Platform Installer (Web PI) installing IIS has never been so easy. Before Web PI became available for installing IIS, you had to use the Server Manager to install the Web Server (IIS) role and then select various Role Services that you need to be enabled. Depending on your level of expertise this could be a challenging task with lots of scrolling back and forth and click upon click to get things just right, but now you can have IIS deployed with just 3 clicks of your mouse.

Install Web PI

If you’re not familiar with the Web PI, it is a powerful tool that can be used to install not only IIS but also SQL Server Express, Visual Web Developer Express, PHP, WordPress, Umbraco, and many other 3rd party applications from the Windows Web Application Gallery. If you haven’t already done so first Download Web PI and install it. It’s free and has a small footprint of only 2 MB.

image

Select IIS Recommended Configuration

Once Web PI has been installed just launch the program. It will open to the Spotlight tab so just click on the Products tab and click Add next to IIS Recommended Configuration. If you don’t see it in the opening list just search for it. All you need to do after this is just click Install at the bottom of the window.

image

You may be curious as to what options are installed with the IIS Recommended Configuration. Here is what will be installed:

  • ASP.NET
  • Static Content
  • Default Document
  • Directory Browsing
  • HTTP Errors
  • HTTP Logging
  • Logging Tools
  • Request Monitor
  • .NET Extensibility
  • Request Filtering
  • Static Content Compression
  • ISAPI Extensions
  • ISAPI Filters
  • WAS Process Model
  • Management Console
  • WAS Configuration API
  • WAS .NET Environment
  • .NET 4.5 Extended with ASP.NET for Windows 8
  • .NET 3.5 for Windows 8

Before the installation starts you need to accept the license terms so just click I Accept.

image

The installation will run for a few minutes installing the essential features for IIS to work properly.

image

Once Web PI has completed installing IIS just click Finish.

image

Using IIS Manager

Your server is now ready for hosting web sites. Open IIS Manager and you’ll see the Default web site has been configured.

image

When you browse http://localhost you’ll see the familiar IIS Start Page.

image

This page is named iisstart.htm and appears in the Default Documents list above default.aspx so once you upload your web site files be sure to delete this page.

Next Steps?

Now that you have IIS installed what’s next? Well you’ll want to go back to Web PI and at least install FTP Publishing. Once you have FTP Publishing installed you want to look into configuring FTP User Isolation as well as using FTP over SSL for greater security when transferring content to and from your server. You may also want to look at installing Url Rewrite 2.0 from Web PI. Url Rewrite offers many ways to rewrite urls for SEO and perform 301 redirects as well as blocking page requests.

Summary

The Web Platform Installer (Web PI) is a powerful tool for deploying a wide variety of 3rd party applications such as WordPress and other popular CMS products but it can also be used to install IIS or even SQL Server Express on your server. The Web PI offers unparalleled ease and convenience with installing applications on Windows servers. Thanks for reading.


Oct 07, 2013

When you need quick analysis of your traffic logs you won’t find a better tool than Microsoft’s free Log Parser. With Log Parser you can read a variety of log files including the Registry and Windows event logs. Its ease of use comes from using SQL queries against your log file. You can get your data even faster by using multiple log parser queries in a batch file.

image

The other day I was helping someone who needed some “top 10” data from their site’s log. Since I had these in my trusty batch file I could provide the text reports within seconds. However, I like to offer a little more pizzazz when possible so this time I decided to use Log Parser’s native charting capability to output the results with some nice charts. As the saying goes a picture is worth a thousand words.

Here’s the query I used to create the chart above:

logparser.exe -i:iisw3c "select top 10 cs-uri-stem, count(*) into top10requests.gif from <file> group by cs-uri-stem order by count(*) desc" -o:CHART -chartType:pieexploded3d -categories:off -chartTitle:"Top 10 Requests"

Installing Office Web Components

Charting is a native feature of Log Parser however there is a dependency on the Office 2003 Add-in: Office Web Components. Depending on where you are running Log Parser the first time you try to output your query to a chart you may see this error message:

Error creating output format “CHART”: This output format requires a licensed Microsoft Office Chart Web Component to be installed on the local machine

If you didn’t see the error above then you’re all set but if you saw the error then it will be necessary to install the Office Web Components before you can start outputting charts. Once you’ve downloaded the file just accept the License Agreement and click Install.

image

The installation runs quickly. Click OK to close the window.

image

Example Log Parser Reports with Charts

Now you’re ready to start creating some colorful charts. The most useful parameters in my opinion are -chartType, -chartTitle, -categories, -values, and -legend. There are some 20+ chart types that you can choose from including: Pie, PieExploded, PieExploded3D, LineStacked, Line3D, BarClustered, ColumnClustered, SmoothLine. The default chart type is Line. To see all the possible chart options run this simple command:

LogParser -h -o:CHART

To take your charts to the highest level of customization you can use an external configuration script with JScript or VBScript. Take a look at the MSDN ChartSpace Object Model documentation for more information.

Here are a few different charts with various options.

image

logparser.exe -i:iisw3c "select top 10 cs-uri-stem, count(*) into top10requests.gif from x.log group by cs-uri-stem order by count(*) desc" -o:CHART -chartType:pieexploded3d -categories:off -chartTitle:"Top 10 Requests"

image

logparser.exe -i:iisw3c "select top 10 sc-status, count(*) into top10errorcodes.gif from x.log group by sc-status having sc-status not in ('200') order by count(*) desc" -o:CHART -chartType:column3d -categories:on -values:on -chartTitle:"Top Status Codes"

image

logparser.exe -i:iisw3c "select top 10 cs-uri-stem, count(*) into top10_404.gif from x.log group by cs-uri-stem, sc-status having sc-status in ('404') order by count(*) desc" -o:CHART -chartType:BarClustered3D -values:on -categories:on -chartTitle:"Top 10 404 Status"

image

logparser.exe -i:iisw3c "select quantize(time, 60) as TimeGenerated, count(*) as Hits into hitsperminute.gif from %1 group by TimeGenerated" -o:chart -chartType:Line -chartTitle:"Hits per Minute"

image

logparser.exe -i:iisw3c "SELECT TOP 10 cs-uri-stem AS RequestedFile, COUNT(*) AS TotalHits, MAX(time-taken) AS MaxTime, AVG(time-taken) AS AvgTime into slow.gif from x.log where EXTRACT_FILENAME(cs-uri-stem) not in('%begin%') GROUP BY cs-uri-stem ORDER BY MaxTime, TotalHits DESC" -o:CHART -chartType:barclustered3d -values:off -categories:on -chartTitle:"Top 10 Slowest Requests"

In Summary

Microsoft’s Log Parser is a powerful tool for log file analysis. You can use it to analyze text files, CSV files, Windows event logs and even the Windows Registry. You can make boring reports come alive with colorful charts. There is a dependency on Office Web Components for charting to work but that is easily solved. Thanks for reading.


Jun 30, 2013

Server Core for Windows Server 2012 offers a low-maintenance, limited functionality operating system. The primary benefits of Server Core are Reduced Servicing, Reduced Management, and Reduced attack surface. Management of Server Core is performed locally or remotely using Windows PowerShell, a terminal server connection from a command line or by using the Microsoft Management Console (MMC). There are many server roles available for Server Core instances such as Active Directory, DHCP Server, DNS Server, File Services, BITS Server, Hyper-V, Printing Services, and IIS, just to name a few. Here is a list of more Server Core roles that are available. This walkthrough will focus on installing IIS 8.

Install Windows 2012 Server Core

As you might have guessed the first step will be to install Windows 2012 Server Core. Launch your install media and select Server Core Installation and click next. If you’ve ever installed any other Windows operating system the menus at this point will look pretty familiar.

image

The installation goes quickly. You will receive status updates as it progresses.

image

 

Change the Administrator Password

Once the installation has completed you’ll need to change the administrator password. Just follow the prompts to complete this step.

image

 

Installing IIS 8

Once the base installation of Server Core has completed you’re ready to install IIS. Open PowerShell and enter the following cmdlet:

install-windowsfeature web-server

Once the process completes you should see a Success result similar to the picture below.

image

 

Install IIS Remote Management Service

Since this is Windows Server Core we’re not going to see the IIS Manager GUI as with the other versions of Windows. So to maintain IIS we’ll need to configure the Remote Management Service. This can be installed by entering the following cmdlet:

Install-windowsFeature Web-Mgmt-Service

You’ll again see a Success result if everything worked properly as shown below.

image

You can use the following commands to start or stop the management service:

Net Stop WMSVC

Net Start WMSVC

 

Enable Remote Management (Web Management)

Next we’ll enable Remote Web Management by entering the following cmdlet:

Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\WebManagement\Server -Name EnableRemoteManagement -Value 1

image

 

Create Firewall Rule for Web Management Service

Before we can remotely connect with the IIS Manager we need to create a rule for the local Windows Firewall. The following command will create the rule we need:

netsh advfirewall firewall add rule name="Allow Web Management" dir=in action=allow service="WMSVC"

image
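The four steps above (install IIS, install the management service, enable remote management, open the firewall) can be run as one repeatable script and then checked. This is an added example, not part of the original post: the function names and the management subnet are assumptions, and the firewall rule here is limited to TCP 8172, the default Web Management Service port, from that subnet instead of allowing any source.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell session on Server Core.
$MgmtSubnet = '192.0.2.0/24'   # assumption: placeholder for your administration network
$MgmtPort   = 8172             # default Web Management Service port
$RuleName   = 'Allow Web Management'
$RegPath    = 'HKLM:\SOFTWARE\Microsoft\WebManagement\Server'

function Enable-IisRemoteManagement {
    # Install IIS and the Web Management Service (no-op if already present).
    Install-WindowsFeature -Name Web-Server, Web-Mgmt-Service | Out-Null

    # Same registry switch the walkthrough sets by hand.
    Set-ItemProperty -Path $RegPath -Name EnableRemoteManagement -Value 1

    # Start the service with the server so management survives a reboot.
    Set-Service -Name WMSVC -StartupType Automatic

    # Create the inbound rule once, limited to the management port and subnet.
    if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
            -Protocol TCP -LocalPort $MgmtPort -RemoteAddress $MgmtSubnet | Out-Null
    }

    # Start the service, or restart it if it was already running.
    Restart-Service -Name WMSVC
}

function Test-IisRemoteManagement {
    # Report the state of each piece so a missed step is visible at a glance.
    $rule = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
    [pscustomobject]@{
        FeatureInstalled = (Get-WindowsFeature -Name Web-Mgmt-Service).Installed
        RemoteEnabled    = ((Get-ItemProperty -Path $RegPath).EnableRemoteManagement -eq 1)
        ServiceStatus    = (Get-Service -Name WMSVC).Status
        Listening        = [bool](Get-NetTCPConnection -LocalPort $MgmtPort -State Listen `
                                    -ErrorAction SilentlyContinue)
        AllowedRemote    = if ($rule) { ($rule | Get-NetFirewallAddressFilter).RemoteAddress } else { $null }
    }
}

Enable-IisRemoteManagement
Test-IisRemoteManagement | Format-List
```

If the netsh rule from the walkthrough already exists under the same name, the script leaves it in place and AllowedRemote reports Any, which shows that the rule is not restricted to the management subnet.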

 

Connect to IIS 8 on Server Core using IIS Manager

Now we’re ready to connect to IIS 8 on our Windows 2012 Server Core. Installing IIS Manager for Remote Administration on your PC is very straightforward. Once you have IIS Manager installed just right-click under Connections and select Connect to a Server.

image

Next just enter the server address.

image

Enter your administrator username and password.

image

You’ll be prompted to accept the server’s certificate for security.

image

 

Having properly authenticated on the server we can now see our default site and configure additional sites as well as maintain all of the usual IIS features and settings.

image

 

Summary

If you’re in the market for Windows Cloud Server hosting and aren’t really technically inclined then Windows 2012 Server Core may not be the right fit for you. However Windows 2012 Server Core offers a variety of server roles and has clear security benefits. Running IIS 8 on Server Core is very manageable thanks to the IIS Remote Administration Service. I will cover adding FTP in a future blog post. Thanks for reading.


Mar 13, 2013

Remote Management for IIS 8 on Windows Server 2012 is a great way to connect to your site and access IIS features without logging in to the server. It is straightforward to configure but requires a few steps to get working properly. An alternative scenario would be if you are using a 3rd party for Windows shared hosting and you do not have administrative access to the server. You could then use IIS Manager for Remote Administration on your PC to connect to the site and maintain it.

Installing the Management Service on the Server

With Windows Server 2012 and IIS 8 there are 2 ways that you can have this service installed. The first way is using the Server Manager and launching the Add Roles and Features Wizard.

image

Once the Add Roles and Features Wizard opens scroll down to the Web Server (IIS) role and expand the management tools section. Click the checkbox next to Management Service and then click Next to complete the wizard.

image

Once installation completes you will see that it has been added to the IIS Roles and Features in Server Manager.

image

Alternatively you can install the Management Service using the Web Platform Installer. Open IIS Manager on the server and click Get New Web Platform Components.

image

The Web Platform Installer will open up. You can filter on products named IIS and then sort the name column. In the list you’ll see the IIS Management Service. Click Add and then complete the wizard. It will take just a few moments to complete. The wizard will display a confirmation page upon completion. You can also double check that it has been installed successfully in the IIS Roles and Features in Server Manager as shown above.

image

Configure IIS for Remote Administration

After the remote management service has been installed on the server you need to enable it and then assign user permissions before users can connect remotely. In IIS Manager at the server level scroll down to the Management group. Here you can add IIS Manager Users, check permissions for existing users, control Feature Delegation, and maintain the Management Service settings. Click on Management Service to configure remote administration and enable the service.

image

Click Enable remote connections and then select whether or not you want to allow users to access the server using Windows credentials only or allow users with Windows credentials and IIS Manager credentials. Assign the IP address you want the service to be on and the default port 8172. If you have your own certificate you can assign that otherwise there is a default certificate available to be used. For additional security you can implement IP address restrictions. After saving your changes be sure to click Start. If you decide to change any settings later you’ll need to stop the service first before you can make any changes.

image

Allow Users to Access the Site Remotely

User permissions are assigned at the site level. Go to the site you want to allow remote access to and click IIS Manager Permissions.

image

Click Allow User.

image

To add a Windows user click Select and then enter their name and then click Ok.

image

Remote administration has now been enabled and configured on the server. You have enabled a user to remotely connect to IIS. At this point the server configuration is complete. The only thing remaining is to install IIS Manager for Remote Administration on your PC.

Configure Client Settings

On your PC use the Web Platform Installer to install IIS Manager for Remote Administration.

http://www.iis.net/downloads/microsoft/iis-manager

image

Once IIS Manager is installed on your PC then you can try connecting to the site. Simply right-click on the globe icon under Connections and then select Connect to a Site.

image

Enter the server address where your site is hosted and the site name.

image

Enter the username and password for authentication.

image

Click Finish and then you’ll see your site in IIS Manager.

image

If you look at the bottom right of the window you’ll see that you’ve connected securely to the remote site.

image

Summary

This walkthrough has covered how to install and configure Remote Administration on IIS 8 as well as using the Web Platform Installer to install the IIS Manager for Remote Administration on your PC. Check with your Windows shared hosting provider if you have any difficulty connecting to your site. Depending on your hosting provider’s delegation settings certain IIS features may not be enabled for remote administration. Thanks for reading.
