IIS Insider - January 2003
By Brett Hill
What are the Consequences of Renaming the IIS Server Name?
Q: As a follow up to November's question: What are the consequences of renaming the IUSR account', I'd like to know the consequences for an IIS server, if the server is renamed.
A: The server's name is assigned during the installation of Windows 2000 and can be changed after installation. The terms Server name, Computer name, and Host name are all used to describe what is technically the Netbios name of the computer. You can determine this server's name from a command window with command hostname'.
On Microsoft networks, this name is used to resolve the server name to an IP address through WINS, DNS (in Windows 2000), or by Netbios name table lookup. IIS does not use the server name such that it cannot be changed. This does not mean that applications or COM objects in your applications are server name independent. For example, changing the server name is not supported if Site Server 3 is installed on an IIS 4 server. There is some housekeeping you need to perform when you change the server name on an IIS 4 server, as detailed in http://support.microsoft.com/default.aspx?scid=kb;EN-US;234142&sd=tech. IIS 5 however is a different story, and I've often changed the server name of Windows 2000 server running IIS 5 with no adverse effects whatsoever; nevertheless, this should not be done casually.
To change the server name, right click My Computer, select Properties, then click Network Identification. Next, click the button labeled Properties to see the Computer Name field.
After making such a change, keep in mind that the server name and IUSR_<servername> and IWAM_<servername> user accounts will reflect the old server name. They are not updated to reflect the new server name. This is of no concern to IIS, and anonymous authentication (as well as out of process applications running as the IWAM account) will still operate without difficulty. Some modifications will be required if you have remote applications, such as remote MMC consoles, scripts, or terminal services clients looking for the old server name. Additionally, clients that use file shares on the IIS server to publish content will need to update their shared folder connections with the new server name.
Keep in mind that a Windows 2000 server with Certificate Services installed cannot have its identity changed. You must uninstall Certificate Services before you can change the computer name of the computer, join, or leave a domain.
What Does The Parser Error Message Mean?
Q: We have a fully patched IIS 5 server and are receiving the following error Parser Error Message: It is an error to use a section registered allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS. Can you explain what this means?
A: I love these verbose Asp.net error messages! They often direct you to the solution as well as describe the problem. You'll see this error when your Asp.net application is configured such that it uses a feature like <authentication mode../> or <sessionState..> that requires an Application be defined in the metabase, and that definition is missing. You can correct this by either removing such settings from your web.config files, or by clicking Create on the Home Directory, Virtual Directory, or Directory properties tab of a web site, virtual directory, or directory, respectively. This location will require at least the Scripts Only permission and Read permissions as well.
What Can Analyze URLScan Log Files?
Q: We currently analyze our W3SVC and URLScan log files in order to identify and classify the kinds of attacks on our server. While there are products that allow us to load with W3SVC log files, scanning URLScan files is not supported by these tools. Does Microsoft provide a product or tool that we can use to analyze URLScan log files?
A: How about using a free utility that allows you to data mine, reformat, and generate reports not only on URLScan logs, but W3SVC, Event Viewer entries, or any text based log file (firewall and intrusion detection systems come to mind)? Microsoft's free Log Parser tool was designed specifically to meet the needs of IIS, System, and Security administrators who need to gather and report on important information that can only be extracted from log files and other data sources, often with different file structures.
The Log Parser accepts as a source a variety of file formats including:
- W3C Extended
- IISMSID [Microsoft IIS log format files generated when the MSIDFILT filter or the CLOGFILT filter is installed]
- NCSA Common
- Binary Log File Format (for IIS 6)
- Open Database Connectivity (ODBC)
- HTTP error log files (IIS 6)
- Event Viewer entries for the System, Application, and Security Event Logs and EVT backup log files.
- Generic CSV files
- Generic W3C files, such as Personal Firewall log files, Windows Media Services log files, and Exchange Tracking log files.
- File and directory structure information.
- Generic text files.
The Log Parser includes a query engine that allows you to run SQL style queries to generate reports or reformat the information. Some skill with SQL syntax will take you a long way with this tool.
For example, you can sum the number requests and bytes sent per hour for a web site, using the following syntax:
SELECT TO_STRING(TO_TIMESTAMP(date, time), 'yyyy-MM-dd hh') AS Hour, COUNT(*) AS Total, SUM(sc-bytes) AS TotBytesSent FROM ex*.log GROUP BY Hour ORDER BY Hour
Of course, you could narrow that down to an individual folder or file and scope by date, time, or any other parameter in the log files.
In the same way, you can query URLScan logs. The following example reports the number of rejections by a client IP address:
SELECT ClientIP, COUNT(*) FROM URLSCAN WHERE Comment LIKE 'Url%' GROUP BY ClientIP
The Log Parser has many other features such as output the results to an XML file, an Active X object providing Log Parser functionality (using ADO), and the ability to format output using custom templates, to name a few.
Clearly, this is powerful utility and will make its way into many toolkit folders for IIS administrators.
Submit your questions to the IIS Insider. Selected questions along with the answers will be posted in a future IIS Insider column.
For a list of previous months questions and answers on IIS Insider columns, click here.
We at Microsoft Corporation hope that the information in this work is valuable to you. Your use of the information contained in this work, however, is at your sole risk. All information in this work is provided "as is," without any warranty, whether express or implied, of its accuracy, completeness, fitness for a particular purpose, title or non-infringement, and none of the third-party products or information mentioned in the work are authored, recommended, supported or guaranteed by Microsoft Corporation. Microsoft Corporation shall not be liable for any damages you may sustain by using this information, whether direct, indirect, special, incidental or consequential, even if it has been advised of the possibility of such damages.