Summary

This Knowledgebase article provides information about this specific release of the IIS plugin v201.5.8.

What's New

• Support for IIS 10.0 version included in Windows 2022 Standard/Datacenter
• Plug-in Configuration improvements: changes are applied immediately after being configured (EN-4018)
• Registry filter discovery mechanism optimization (EN-3727)

More Information

Note: This plug-in requires Neverfail Continuity Engine v8.1 or later. 

Supported Versions and Platforms

• IIS 10.0 version (10.0.20348.1) included in Windows 2022 Standard/Datacenter 
• IIS 10.0 version 1809 included in Windows 2019 Standard/Datacenter 
  
• IIS 10.0 version 1607 included in Windows 2016 Standard/Datacenter
  
• IIS 8.5 included in Windows 2012 R2 Standard/Datacenter
  
• IIS 8.0 included in Windows 2012 Standard/Datacenter
  
• IIS 7.5 included in Windows 2008 R2 SP1

Changed Features 

• Task Scheduler (Schedule) service target state is Restarted on Active server and Running on passive server(s). (EN-2634)  

Known Issues

• [Applicable to CE 8.5U4 or newer]: new created IIS sites configured with default ApplicationPoolIdentity are not accessible on the new active server after a switchover - response: “HTTP 503 – Service Unavailable” Error: Application pool <app pool name> has been disabled. Windows Process Activation Service (WAS) encountered a failure when it started a worker process to serve the application pool. Workarounds: either of the following should be applied: (1) change the Application Pool Identity to any other existing account different than the default ApplicationPoolIdentity (2) restart the Engine node which was passive at the time of IIS site creation (EN-4012)
• When logging for a web site is disabled, the log directory is not removed from the protected set.
• A self signed certificate created on the peer server can't be used/set for an SSL site after a switchover (Ref - 12646).
• IIS plugin does not protect sites physically located within C:\Windows\system32\RpcProxy\... folder (Ref - 12341).
   

About IIS Plugin 

IIS plugin proactively monitors and protects your IIS environment, looking for changes to web, FTP, and SMTP sites. This plug-in protects the IIS services, content and system configuration.

Install/Uninstall the IIS Plugin Via the Advanced Management Client

First time installation of the IIS Plugin must be via Neverfail Continuity Engine Setup. Uninstall / upgrade can be performed using Applications -> Plugins in the Advanced Management Client using the procedure below.

To remove/uninstall IIS Plugin, follow the steps below:

1. Launch the Advanced Management Client.
2. Navigate to Applications -> Plugins.
3. Select the desired plug-in to be removed/uninstalled. 
4. Click on the Uninstall button in the 'Plugins' pane.

After uninstall has completed, the files need to be deleted if the same version of the plug-in is to be re-installed.  This is by design for future functionality. The following steps are only required if you need to reinstall the same version:

1. Copy the contents of the r2\plugins\<sponsor>\<version> folder to a different location (for example, C:\temp).
2. Delete the contents of the r2\plugins\<sponsor>\<version> folder.
3. To reinstall the plug-in, when prompted for the location of the plug-in files, navigate to the new folder location (for example, C:\temp).
   
   Note: As an alternative, you can use the downloaded files from the original download location after removing the plug-in.

To install a new version of the  IIS Plugin via the Advanced Management Client, follow the steps below:

1. Unzip the IIS Plugin .zip file in the desired location.  
2. Launch the Advanced Management Client. 
3. Navigate to Applications -> Plugins. 
4. Click on the Install button. 
5. Click the Browse button and navigate to the location of the IISNFPlugin.dll file. 
6. Click OK to complete the installation.

Administration

When IIS Plugin v201.5.8 is installed, and the IIS Manager console is open on the active server, the protected HTTP service fails to stop (or takes a long time to stop) when any of the following operations is performed (Ref - 14355):

• Stop Applications
• Stop Replication and opting to stop also the protected applications
• Switchover 

Rules - This plug-in provides the following 'IIS Monitoring Rules'

Note: Depending on the type of authentication in use for the website, administrators must provide a valid username, password, and domain or use anonymous or Windows authentication for the Rules listed below to operate properly.

• Check Website Availability
  • This rule will fail if the site fails to return a 200 http response code
  • For the 'Check Website Availability' rule to work properly, it must be configured with the full address and requires an authorized Username, Password, and Domain
  • Default site is 'http://localhost/default.aspx' with anonymous user
• Check Website Response Time 
  • This rule will fail if the 200 response code is not returned within the number of milliseconds configured
  • For the 'Check Website Availability' rule to work properly, it must be configured with the full address and requires an authorized Username, Password, and Domain
  • Default site is 'http://localhost/default.aspx' with anonymous user

To configure/modify these 'Rules', follow the steps below:

1. Launch the EMS Web UI (Advanced Management Client).
2. Navigate to Rules.
3. Select the desired 'Rule'. 
4. Click on the Edit button at the top of the Rules' pane. 
5. Configure/modify the desired fields (listed below). 
6. Condition: (the condition being evaluated)
7. Duration: (the length of time the condition exists) 
8. First Failure: (action to take upon first failure) Note: The default is set to 'Alert'. 
9. Second Failure: (action to take upon second failure) Note: The default is set to 'Alert'. 
10. Third Failure: (action to take upon third failure) Note: The default is set to 'Alert'.
11. Click OK to save the changes.
    
    Note: This dialog is also used to Enable/Disable the selected 'Rule'.

Sites Configured with SSL

Sites configured with SSL may require the certificates to be trusted for the Web Site rules; otherwise the following error message may be reported The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

1. Type mmc in the run console to open an Advanced Management Client.
2. Click Add and select Certificates from the list. Click Next.
3. Select the Computer certificates option and complete the wizard.
4. Copy and paste the certificate to the trusted root certificate hive.
5. Restart the IIS service. 

Tasks - The only configurable parameter for 'Tasks' associated with this plug-in is the frequency in which to run filter discovery, runs every 2 minutes by default.

To configure a new Custom Task, follow the steps below:

1. Using the EMS Web UI (or Advanced Management Client), click on Tasks. 
2. Click on the Add button at the top of the Tasks pane. 
3. Enter the appropriate information completing all fields in the dialog. 
4. Click OK to save the changes.
   
   Note: This dialog is also used to Enable/Disable the selected Task.

Unsupported Components and Features

This plug-in does not protect the following application features or components:

• Web Printers
• Replication of locally created users – affects FTP, POP3
• Server appliance web or web admin directories 

Applies To

IIS Plug-in