Using the Server Configuration Application

  • Article
On This Page

Overview Overview
Specifying Hierarchy-Based or Unique ID-Based URLs Specifying Hierarchy-Based or Unique ID-Based URLs
Pruning Containers for Viewing Rights Pruning Containers for Viewing Rights
Mapping Channel Names to Host Header Names Mapping Channel Names to Host Header Names
Configuring Background Clean-Up Settings Configuring Background Clean-Up Settings
Changing Cache Location and Size Changing Cache Location and Size
Creating an Additional Web Entry Point Creating an Additional Web Entry Point
Removing an Entry-Point Removing an Entry-Point
Changing Access Options Changing Access Options
Configuring Site Server and IIS on MSCMS 2001 Configuring Site Server and IIS on MSCMS 2001
Using Active Directory Services Using Active Directory Services
Changing Security Settings Changing Security Settings
Displaying License Information Displaying License Information

Overview

In the Microsoft Content Management Server 2001 system, the installation program itself includes only the steps for installing files and setting up registry key information. The remaining functions are carried out by the Database Configuration Application (DCA) and the Server Configuration Application (SCA).

This chapter describes the SCA and how to use it to complete the setup of your MSCMS 2001 system. This step can be done after you complete the InstallShield Wizard and install the SQL Server database. Tasks in the SCA can also be done by the site administrator in standalone mode at any time by launching the SCA and selecting the applicable tab.

Before you can load the SCA and configure any local or global properties, you must first authenticate as a Windows 2000 or Active Directory user with local administrator rights on the machine to be configured.

Tasks you can do with the SCA

You can do the following tasks with the SCA:

  • select the URL type. Refer to Chapter 2, "Setting up Publishing: Creating Containers for Users" in the MSCMS 2001 Site Administrator's Guide for information about URL types.

  • prune containers to establish viewing rights

  • change the background cleanup settings

  • change the location and size of the disk cache

  • change the size of the memory cache

  • set multiple Web entry points

  • select or remove Window 2000 domains

  • change user authentication (Windows 2000, LDAP—Site Server or Active Directory)

  • change the MSCMS 2001 System Account

  • change cookie settings

  • turn guest access on or off

  • view product license key.

Security Alert

We strongly recommend you run the SCA over a Secure Socket Layer (SSL) connection. If you are not operating this way, when the SCA is first launched a security alert screen is displayed that indicates you are using an insecure network connection. If this is of concern, have your administrator create a secure connection before continuing.

Launching the SCA

After completing a database install, the DCA automatically allows you to continue with the SCA. You can also load the SCA by typing the following URL from any machine that has network access to the MSCMS 2001 server: https://<machine>/nrconfig where <machine> is the machine or domain name that corresponds to the SCA Web site. If the Web site that was selected (during the DCA operation) uses a port other than 80 (for example, 5114), you must include this port number in the URL: https://<machine>:5114/NRConfig. 

Note that if the Web site on which the SCA is installed is configured to deny access to all non-local IP addresses, then you need to change this setting before remote machines will be able to connect to the SCA—see the "IP address and domain name restrictions" tab of the "Directory Security" tab on the Internet Services Manager.

Alternately, you can launch the SCA from Windows by selecting Start>Programs>Microsoft Content Management Server>Server Configuration Application. The following screen is displayed.

The table after this screen explains briefly what each tab does.

Tab name

What it does

General

Default tab for the SCA. Displays the status of the following configuration options for the MSCMS 2001 server and provides access to the user interface used to modify these options:
URL format (hierarchical or unique ID-based)
prune container viewing rights
map channel names to host header names
background cleanup.

Cache

Displays the status of the cache options for the MSCMS 2001 server and provides access to the user interface which includes settings for the disk cache and memory caches. Includes a button to force the server to flush its memory cache.

Web

Displays the status of Web entry points for the MSCMS 2001 server and provides access to the user interface used to add or remove entry points. This includes details for all visible virtual servers with an indication of their status with respect to Content Management Server 2001.

Access

Displays the status of the access options for the MSCMS 2001 server and provides access to the user interface used to modify these options. Use this tab to modify the list of currently supported NT domains and a list of supported Active Directory containers or Site Server Organizational Units (OUs) if necessary.

Security

Displays the status of the Security options for the MSCMS 2001 server and provides access to the user interface used to modify those options. Use this tab to perform the following tasks:
modify MSCMS 2001 System Account information
modify Web cookie settings
modify guest access options.

Licenses

Displays the current user's product license key information.

Configuring global settings

You can configure global settings, as well as settings specific to one MSCMS 2001 server, whether it is part of a server farm or not. Two icons are used in the SCA to indicate if you can use a Global Default or override with a local setting. The Use Local Override indicator is in the form of a terminal and the Use Global Defaults is indicated by a globe as shown in the following screen example.

The global default is stored in the database and affects all servers that point to that database, unless individually overridden with a local setting.

Specifying Hierarchy-Based or Unique ID-Based URLs

Hierarchical URLs mimic a directory structure using your channel hierarchy and are what we recommend you use. Unique ID-based URLs generate numerical URLs to identify MSCMS 2001 items. To change the URL type, do the following.

  1. From the General (default) tab, click Configure.

  2. From the URL Format drop-down list, select Hierarchical or Unique ID Based. 

  3. Click OK. 

You must start IIS after making this change.

Pruning Containers for Viewing Rights

You can allow MSCMS 2001 Site Builder users to navigate all containers, even those they do not have rights to. Users cannot open containers they do not have rights to, but they can view them.

Or, by "pruning" containers, users can be allowed to see only the containers in which they have rights. The advantage here is that users see a tidy container hierarchy that is relevant only to them. However, they won't see containers in which they have rights, if those containers are nested under containers in which they don't have rights.

To configure how users see containers, do the following:

  1. Click Configure.

  2. From the Prune Containers in the Site Builder drop-down list, select Yes to have users see only the containers in which they have rights. Or, select No to have no container pruning done—users will see all containers, even those in which they have no rights.

  3. Click OK.

Mapping Channel Names to Host Header Names

Caution Be aware that if you select Yes for this function, you won't be able to stage your site.

This selection on the General tab indicates whether or not Content Management Server 2001 assumes that top-level channels should automatically be mapped as the root channel for a URL, with a host header name that is identical to the channel name. This feature can be used in environments where several Web sites, with different domain names, are being hosted on the same "live" (see Caution above) MSCMS 2001 server. The default setting is No.

With Mapping channel names to host header names enabled, every channel in the root channel becomes its own virtual Web site. Note that every channel directly under the root must be the name of a virtual Web site. A mixture of virtual Web site names and normal channels in the root channel is not supported.

When MSCMS 2001 generates URLs to an item inside a channel, it prefixes the URL with the name of the virtual site in which it is contained. On an incoming request to the server, MSCMS 2001 automatically chooses the appropriate channel based on the name that the user referenced in the URL.

Each of the virtual site names must be registered with a DNS server and point to the IP address of the live MSCMS 2001 server. You don't need to set up separate virtual sites under IIS.

Note This feature is activated only during Published mode and affects only URL generation and parsing. All other aspects of MSCMS 2001 continue to work as before.

Configuring Background Clean-Up Settings

During day-to-day operation, some data becomes obsolete. Doing a server background cleanup helps conserve database space by removing non-referenced resources not currently stored in a Resource Gallery, and also expired postings.

In addition to indicating whether the server should attempt background cleanup, the General tab displays the following information regarding cleanup:

  • how many days between clean-up attempts

  • when the cleanup was run last

  • when it is scheduled to run next.

You can globally set the number of days between clean-up attempts and when to schedule the last run so these options can be applied at one time to a server farm or cluster. Administrators can set a local override for the "Server Will Attempt Cleanup" value. The value specified applies only to the server through which the SCA is currently being accessed. All the servers in a server farm that reference the same database must use the same "time between cleanups" and "Hour to Attempt Cleanup" values. The default value is one day for the time between cleanups.

Note The term "attempt" refers to the fact that several machines in a server farm can be configured to do a cleanup. However, only the first machine to try will actually be doing the cleanup; therefore the term "attempt" is applied to the overall activity.

At least one machine in a server farm must be configured to do cleanup, otherwise the database will grow beyond bounds.

To turn on and set up background cleanup, do the following:

  1. Click Configure from the General tab screen.

  2. From the drop-down list under Use Local Override, select Yes or No to turn on or off the attempt to do a background cleanup.

    For a global default value instead, click the Yes button under the User Global Default title.

  3. Click Set Global to specify a global value for the Time Between Attempts.

  4. Specify a time value (GMT: in hour of the day). The default is one.

  5. Click OK to return to the General Configuration window.

  6. Click Set Global to specify a global default for the Hour to Attempt Cleanup, in Greenwich mean time (GMT).

  7. Specify the time (in hours) from the drop-down list. Click OK.

  8. Click OK to return to the General tab.

Tips

Server and database storage space

At least one gigabyte of storage space should be available to the MSCMS 2001 server and database at all times.

Expired postings

During cleanup, the MSCMS 2001 server purges expired postings.

Resources

As part of background cleanup, any resources not saved to the database by storage in a resource gallery, or "local" storage with a page or template, are purged from the database.

This means that if an author adds a resource to a page from anywhere other than the resource gallery (for example, by dragging the resource from the desktop onto the page), and later deletes or replaces that resource or page, the resource is purged from the database during cleanup.

Resources in a resource gallery remain there until explicitly deleted or replaced, even if not referenced by any page.

Versioned pages, postings, templates, and resources

Administrators now can purge all object revisions that were archived before a specific time using the time stamp (from within the Site Builder only).

For more information about versioning, see Chapter 6, "Using the Versioning Feature" in the MSCMS 2001 Site Administrator's Guide.

Changing Cache Location and Size

Content Management Server 2001 uses a disk cache directory to cache templates and resources. We recommend you increase the size of this cache to enhance system performance, if you are operating a large site with heavy traffic.

If the server's disk cache directory is installed on the same drive as Microsoft Windows, consider moving the IIS log files from the default location in the Windows directory to another drive. This prevents log files from accumulating and causing problems with the ability to cache data. Or, move the disk cache directory to another drive.

There is a button for clearing the memory cache on the Cache tab screen (before you click the Configure button). The server caches "nodes" in memory so that it doesn't need to go to the database to get nodes that were recently retrieved. You can clear the cache if you believe you are seeing problems relating to the server's cache not being synchronized with the database. Doing the clear operation has a minor impact on performance.

  1. To change the cache location, click Configure on the Cache tab, and browse to the new location. Click OK.

  2. The minimum cache size is 50 megabytes. The maximum cache size is the currently available free space on the target drive—the target drive is the drive where the cache directory will be. The default is 50% of the maximum, up to two gigabytes. For example, the default cache size for a target drive with greater than four gigabytes of free space is two gigabytes.

    Administrators can set either a local or global value for cache size.

  3. Set the maximum nodes in memory cache—use either the global default or a local override.

Creating an Additional Web Entry Point

There can be one or more MSCMS 2001 server entry points for each server. The server entry point is a virtual Web site that has been configured to point to an MSCMS 2001 server.

Select the Web tab to display a screen that gives the status of Web entry points and then allows you to configure whether authoring is allowed using this entry point. The components on this screen are as follows:

  • Web Server

  • IP Address

  • TCP Port

  • Host Name

  • MSCMS 2001 server.

To create an additional Web entry point, change the MSCMS 2001 server component as shown on the screen.

  1. Click Configure.

  2. For the Web site you want to configure, change the corresponding option in the "MSCMS?" drop-down list to Yes to either Authoring Allowed or Authoring Not Allowed.

  3. Click OK.

Handling read-only sites for deploying sites

If you try to deploy to a read-only site, your login will fail. To successfully do site deployment to read-only sites, do the following:

  1. Click Configure.

  2. If there isn't already a Web site on the same server as the read-only site, create a new one (Administrative Tools>Internet Information Services). The new Web site will show up in the list of sites.

  3. Ensure the MSCMS? drop-down list selection is Yes - With Authoring.

  4. Use this new entry point for site deployment.

Refer to Chapter 3, "Installing the MSCMS 2001 Server and Site Builder" for information about controlling which server the Site Builder connects to.

Removing an Entry-Point

Caution You cannot add or remove an entry point from the IIS Web site that the SCA is being loaded from. Also, you cannot remove the last entry point, regardless of what site it is on.

  1. Click Configure.

  2. For the Web site you want to configure, change the corresponding option in the "MSCMS?" drop-down list to No.

  3. Click OK.

Changing Access Options

The Access function supports tasks associated with domain accessibility, user authentication, and establishing support for Site Server or Active Directory for LDAP user authentication.

Changing Windows 2000 authentication

The Access tab screen shows a list of supported Windows 2000 domains (labelled as Supported NT domains in the following screen example) which the administrator can add to. Click Configure to display the following screen.

Click Browse and select or de-select the provided choices. Or, if you have many domains, manually type the domain name to save time. Click Add and then OK.

Using LDAP for user authentication

Using the Access function, you can choose LDAP for user authentication using either Site Server or Active Directory (for Windows 2000 systems). The following sections explain how to set up these two authentication services, starting with Site Server.

  1. Click Configure from the main Access tab.

  2. Select Site Server from the drop-down list.

  3. Select None (as shown in above screen shot) if you currently have either Site Server or Active Directory configured and you want to have only Windows 2000 users authenticated by Content Management Server. You would also choose None, if your site is not protected by Site Server or if your server is not an Active Directory service member server.

Prerequisites to using Site Server

Complete the procedures in Chapter 2, "Configuring Microsoft Site Server," as well as the chapter on installing and configuring your Microsoft SQL Server database before doing the steps outlined in this section. Note that Site Server is not supported in a clustered environment.

When installing the MSCMS 2001 server, the Site Server address must be specified identically as it was during the Site Server installation. For example, if you specified the IP address of the LDAP server, then you must enter this IP address, rather than "localhost," or the machine's name.

Using Site Server

If you select Site Server from the drop-down box, the following screen is displayed.

Selecting LDAP organizational units

In the above screen example, NT domains refers to Windows 2000 domains.

  1. Select an LDAP server. If the LDAP server machine is not using the default port, specify a port number in the Port box.

  2. If you are not using the anonymous login type, select Specified Login and enter the full LDAP administrator user name, for example, cn=Administrator,ou=Members,o=CompanyName, in the Login ID area. Enter the LDAP user's password.

    The LDAP account that MSCMS 2001 uses must have enough privileges to:

    • see all the organizational units containing users or groups that you want to add to subscriber groups.

    • get the LDAP group membership information for all LDAP users and groups that will be added to subscriber groups.

    To satisfy these requirements under all circumstances, we recommend you create an account that has read access to everything but no write access.

  3. Select the organizational units to which you want to give access to MSCMS 2001 by clicking their names. MSCMS 2001 administrators will be able to add the users and groups in the selected organizational units to MSCMS 2001 rights groups. You can also Add more OUs using Add and Browse.

  4. When done configuring all the relevant options, click OK.

Configuring Site Server and IIS on MSCMS 2001

Creating a new local Membership Server

The following steps are required only if the MSCMS 2001 server and LDAP Server are installed on separate machines.

  1. In the Management Console, select the Personalization and Membership folder and right-click the name of the computer that will be used for the MSCMS 2001 server. Select New>Membership Server Instance.

  2. Select the Custom Configuration option. Click Next.

  3. Enable Active User Object (AUO) only. Do not enable LDAP or Direct Mail. Click Next.

  4. For the LDAP service, use the name and port number you used when configuring the LDAP server in the "Creating a Membership Server for use with MSCMS 2001" section of Chapter 2, "Configuring Microsoft Site Server." Click Next.

  5. Enter "Administrator" in the LDAP Username box. Type the administrator's password in the Password box. Click Next.

  6. Click Finish.

Mapping IIS to the Membership Server for authentication

To associate the new Membership Server with the MSCMS 2001 Web site:

  1. In the Management Console, select the Web site used by MSCMS 2001. Right-click and select Task>Membership Server Mapping from the menu. The Membership Server Mapping dialog box opens.

  2. From the Membership Server Mapping dialog box, select the Membership Server you created on the computer that will host the MSCMS 2001 server. Click OK.

The IIS used by MSCMS 2001 can now use the Membership Server to authenticate subscribers.

Configuring authentication for root and NR virtual directories

Before using the MSCMS 2001 server with Site Server, you must change the access properties of several virtual directories.

Configuring the Web site's root virtual directory

The root virtual directory must not allow Anonymous Access. This is so a user entering the Content Management Server 2001 system must initially log in through Site Server (using the NRSiteServerAccess.asp file in the root directory). If successfully authenticated, they can access items within the NR subdirectory. Access to channels and postings within Content Management Server 2001 is determined by the user's subscriptions and rights. To configure the Web site's root directory:

  1. Open the Microsoft Management Console from the Site Server Program group.

  2. Select the IIS folder. Right-click the Web site used by MSCMS 2001 and select Properties.

  3. On the Default Web Site Properties dialog box select the Membership Authentication tab.

  4. Clear the Allow anonymous check box.

  5. For authentication, choose one of the following options:

    • HTML Forms

    • Other Password Authentication (DPA or Clear Text/Basic Authentication).

  6. Click OK to close the dialog box.

Configuring the NR virtual directory

  1. Below the root virtual directory locate the NR virtual directory and right-click it. Select Properties from the pop-up menu. The NR Properties dialog box opens.

  2. Select the Membership Authentication tab.

  3. Select the Allow Anonymous check box. The MSCMS 2001 System Account is used during anonymous access.

  4. Choose the same Security Support Providers settings used for the Web site's root virtual directory. Click OK.

  5. Close the Microsoft Management Console. Click Yes when prompted to save the console settings.

Managing the Membership Directory

To map the Membership Directory folder to the LDAP directory so that users and groups can be created, viewed, and managed from the machine hosting the MSCMS 2001 server:

  1. In the Management Console, right-click the Membership Directory Manager. Select Properties.

  2. Choose the LDAP server's name and port number. A Logon dialog box opens.

  3. If anonymous access to the LDAP server is allowed, select "Logon Anonymously." If anonymous access isn't allowed, choose "Logon using" and enter your LDAP Server user name and password.

  4. Click OK.

Using Active Directory Services

The following information applies only to Content Management Server 2001 sites that will be integrated with Windows 2000 Active Directory services to use Active Directory LDAP authentication. Note that user groups and users must still be created and configured on Domain Controllers (DCs) only.

Note The MSCMS 2001 server must be installed on a Windows 2000 Server or Advanced Server, and be a member of an Active Directory domain.

  1. From the Access tab screen, click Configure.

  2. Select Active Directory from the drop-down list beside LDAP Authentication Service as shown in the following screen.

  3. Note that the Login ID is the MSCMS 2001 System Account. See the next section for more information about authenticating the user with the Login ID.

  4. Choose the domain to which to give access to your MSCMS 2001 server. You can manually enter the domain name in the top line or use the drop-down list to select one. MSCMS 2001 administrators can add the NT users and groups in the selected domain to the MSCMS 2001 rights groups. Also, only those selected domains will be available when logging in the Site Builder and when using the Web Author manual login.

  5. Add any supported Active Directory containers required. You can enter manually or use the Browse button to display the containers.

  6. A list box, based on the Login ID and password, displays hierarchically, all OUs from the selected domain. Only containers not set to Advanced view for Microsoft Management Console (MMC) are displayed. Select the OUs from this list that must be supported, or clear the check box for any that shouldn't be supported.

Authenticating with Login ID

The Login ID (user name) is used by MSCMS 2001 to connect to Active Directory to retrieve the organizational units (OUs) and containers. The MSCMS 2001 System Account is used as the Login ID. Therefore, the MSCMS 2001 System Account must have at least read privileges to all the domains, OUs, and containers and the users within, that the system needs to authenticate.

The domain can be in distinguished name (DN) form, Windows 4.0 NT form (with a trailing backslash), or canonical form for domain names (for example, microsoft.com). The containers (when using the Add button) can be in DN or canonical form (microsoft.com/users).

Note We recommend that frequently used domain, OUs, and containers be explicitly selected to make it easier for the user to log on.

Changing Security Settings

Use the Security function to change the following:

  • MSCMS 2001 System Account information

  • guest user access options

  • Web cookie settings.

Modifying MSCMS 2001 System Account information

What is the MSCMS 2001 System Account?

The MSCMS 2001 system account is the Windows 2000 account that Content Management Server 2001 uses to access resources on your network and to connect to Active Directory if it is used.

We recommend creating a dedicated Windows 2000 user account, as opposed to an account that belongs to a member of your staff. Using a dedicated account, and setting the account's password to never expire, ensures that the password for the System Account never changes. If the password is ever changed, MSCMS 2001 won't operate properly because it will be impossible to access the database or write files to the cache folders. In this case, use the SCA to update the password.

What are the implications for changing the System Account in multiple-server configurations?

In multiple-server configurations, each server in the configuration can possibly have a different MSCMS 2001 System Account. The system administrator must have administrator rights on the local machine to change the System Account.

System administrators versus Initial MSCMS 2001 Administrators

A system administrator is a network user with administrator rights on the local machine. The system administrator can:

  • install Content Management Server 2001

  • create the MSCMS 2001 server

  • configure the server using the DCA and SCA.

The Initial MSCMS 2001 Administrator is a Windows 2000 domain user account that is initially the only account that can log on to Content Management Server 2001. It is used to set up MSCMS 2001 access rights and hierarchies. Note that this is not the same account as the MSCMS 2001 System Account.

Enabling guest user access options

For a Windows 2000 account, enabling the guest access allows unauthenticated (no password required) users to:

  • view postings that have been granted guest access

  • see postings in channels that the guest user has rights to.

Note If you enable guest access, the account you specify as the guest account must be added as an MSCMS 2001 subscriber through the Site Builder. This account must also be granted access rights to the channels that guest users are allowed to view.

Users (guests or otherwise) are given a cookie when they authenticate themselves with MSCMS 2001. Whenever they make another request, they give this cookie back to MSCMS 2001 and MSCMS 2001 validates the request. Use the Security tab to adjust the following cookie settings.

A cookie is valid for only a certain amount of time before the user's "session" is deemed to have expired, at which time they must re-authenticate themselves. This time, in minutes, is the "cookie lifetime." The default is 12 hours.

A cookie contains the Internet Protocol (IP) address of the authenticated user. If the Check Machine IP Against Cookie property is set to Yes, every request received by MSCMS 2001 is validated to make sure it is coming from the same IP address from which the original authentication request came.

This functionality can be disabled because some users (such as AOL users) can have a different IP address with every http request. So if this is enabled, your site may not work for certain users.

Displaying License Information

The Licenses tab displays current licensing information including user name, company, and product ID and expiry date for the Evaluation edition.