Verifying That Clients Are Not Gaining Access to Web Sites
Updated: August 22, 2005
Applies To: Windows Server 2003, Windows Server 2003 with SP1
The IIS 6.0 Migration Tool requires only read access to the Web site content and configuration settings on the source server. Therefore, the source server can remain online in your production environment. However, you might need to remove the source server from your production network and move it to a private network segment that has direct network connectivity to the target server under the following circumstances:
The number of files and amount of configuration information being copied across the network generates a high volume of traffic and slows the production network.
Firewalls that exist between the source and target servers prevent the migration tool from performing the migration. This often occurs because the migration tool uses DCOM ports that are blocked by the firewalls for communicating with the source and target servers.
Security-related configuration settings on the source server need to be modified to allow the migration tool to work.
Examples of these security-related configuration settings that can prevent the migration tool from working include the following:
Remote access to disk volumes through administrative shares is prohibited.
The IIS 6.0 Migration Tool requires access to the disk volume that contains the Web site content to perform the migration. For example, if the Web site content is stored in D:\Inetpub\Wwwroot, the migration tool must access the administrative share (D$) of the disk volume. The administrative shares are often removed to help prevent unauthorized access to the Web server. In order to use the migration tool, you must re-create the appropriate administrative shares.
Remote access to the source server must be allowed for members of the local Administrators group on the source server.
For security reasons, many organizations restrict the members of the local Administrators group so that they can only log on locally, not over the network. However, the migration tool must be able to remotely access the source server over the network, as a member of the local Administrators group.
- Remote access to disk volumes through administrative shares is prohibited.
Verify that clients are no longer accessing Web sites by completing the following steps:
Prevent new clients from accessing the sites by pausing the sites.
For more information about how to pause Web sites, see Pause Web or FTP Sites.
Monitor the active Web connections to determine when clients are no longer accessing the source server.
For more information about how to monitor the active Web connections, see Monitor Active Web and FTP Connections.
When the number of active Web counters is zero, stop the WWW service or move the source server to another network segment.
If you elect to stop the WWW service, ensure that the IIS Admin service is running because the migration tool requires the IIS Admin service. For more information about how to stop the WWW service, see Stop the WWW Service.