IIS 7 Shared Configuration–Week 28

You can find this week’s video here.

IIS 7 (and 7.5) offers an extremely useful and easy-to-use feature for shared web farm situations, called Shared Configuration. This week walks through how to set up IIS Shared Configuration, along with a few considerations necessary to administer web farms.

This is a mini sub-series on web farms. The last two weeks covered setting up a domain and setting up DFS-R for content and folder replication. This week starts in on keeping the Internet Information Services (IIS) configuration in sync between multiple web servers.

This is week 28 of a 52-week series for the Web Pro. Past and future videos can be found here: http://dotnetslackers.com/projects/LearnIIS7/


  • Hi,

    All our web servers run Windows Web Server 2008 R2, which doesn't have access to File Servers to set up DFS.

    This does mean that we need to use UNC for our Shared Config.

    Offline files is only accessible on Server 2008 R2 if you enable Desktop Experience - which I don't want to do on a web server!

    Do you have any advice on how to ensure maximum uptime for the IIS configs?

  • Hi RichardM,

    You have a couple good options still. Using a UNC path is acceptable. If the server hosting the config goes down, the other one will keep a cached version (as long as it doesn't also reboot).

    In that case you'll need to use pass-through authentication since you don't have domain accounts. Create the exact same user and password on the various servers and it will pass through to the others. Make sure to lock down both the share and NTFS permissions so that only the web servers can access it for this purpose.

    Another option is to use something like robocopy. You can have it run with a scheduled task every minute. It's lightning fast for 2 files so it won't add any strain to the server. You can either consider 1 server a master server which pushes to the others, or you can have multiple commands in a batch file, which push each server to every other server. There's a flag to only copy the most recent version over the others.

    Personally I like to keep the config local to remove network issues from impacting your server, so I would lean towards robocopy. But both options are fully acceptable.
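
The share and NTFS lockdown recommended in the reply above, as an added example that is not part of the original post or its comments. The account name, folder and share name are hypothetical, and the account is assumed to already exist with the same password on every web server.

```powershell
# Run elevated on the server that hosts the shared configuration folder.
# All three values are hypothetical; substitute your own.
$Account   = 'iisSharedCfg'         # local account that exists on every web server
$Folder    = 'C:\IISSharedConfig'   # folder holding the exported IIS configuration
$ShareName = 'IISSharedConfig$'     # trailing $ keeps the share out of browse lists

if (-not (Test-Path $Folder)) { New-Item -ItemType Directory -Path $Folder | Out-Null }

# NTFS: remove inherited entries, then grant only Administrators (S-1-5-32-544),
# SYSTEM (S-1-5-18) and the shared-config account. Well-known SIDs avoid
# localized group names. Modify is an assumption that lets nodes save changes.
icacls $Folder /inheritance:r | Out-Null
icacls $Folder /grant:r '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' "${Account}:(OI)(CI)M" | Out-Null

# Share: recreate it so no earlier Everyone grant survives; with /GRANT
# only the named account receives share-level access.
net share $ShareName /delete 2>$null | Out-Null
net share "$ShareName=$Folder" "/GRANT:$Account,CHANGE" | Out-Null

# Audit: report any NTFS entry that is not one of the three expected principals.
$accountSid = (New-Object Security.Principal.NTAccount($Account)).Translate(
    [Security.Principal.SecurityIdentifier]).Value
$expectedSids = 'S-1-5-32-544', 'S-1-5-18', $accountSid
$rules = (Get-Acl $Folder).GetAccessRules($true, $true, [Security.Principal.SecurityIdentifier])
$unexpected = $rules | Where-Object { $expectedSids -notcontains $_.IdentityReference.Value }

if ($unexpected) {
    $unexpected | ForEach-Object {
        Write-Warning "Unexpected NTFS entry: $($_.IdentityReference.Value) $($_.FileSystemRights)"
    }
} else {
    Write-Output "NTFS ACL on $Folder is limited to Administrators, SYSTEM and $Account."
}

# Show the share-level permission for review.
net share $ShareName
```

Re-running the audit portion after any change to the folder is a quick way to catch a permission that was widened by hand.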

  • What do you do if you're trying to use sharedconfig but have different IP addresses on each server? Is there a way to override parts of the shared config? I currently have it set to * (all available), but we have machines that have multiple IPs and want them to be static.

  • Hi AJ,

    Unused IP addresses are non-harmful so what you can do is add the IP addresses for all of the servers to the site. Then only the relevant one will be used while the others will be ignored.

  • Awesome. That works! Thanks again for the work you do on this series. I've found myself recommending this series to the new guys in our group and they all find it very helpful.

  • Thanks for the great feedback AJ!

  • Hi Fred,

    IIS doesn't mind if you have unused bindings, so for the IP addresses you can assign them to each server locally and assign all bindings for all servers to your web farm. Then no matter which server a user visits, it will work for them.

    Mind you, with NLB I would have assumed that the binding is the same already since NLB exposes one or more IPs that look the same on all nodes. Regardless, just assign all bindings to all nodes (or the first node and it will replicate).

    For SSL, that's more difficult. If you don't have a lot to manage then it's probably easier just to assign them once each per server. Just don't forget to do that one step on all servers in your server farm when you have an SSL binding change.

  • Hi

    First I would like to thank you for the videos; they are a gold mine of information. I would like to ask you about FTPS setup in IIS Shared Configuration.

    I tried to set up two nodes with DFS replication and used shared IIS configuration. The IIS configuration is stored in C:\IISConfigration and replicated to the other node. Now I tried to set up FTPS for a site with SSL, and the configuration is not replicated (SSL certificate not selected). When I try to fix it, it gets reset on the other node (when I select the SSL certificate on the first node, the other nodes are deselected and vice versa).

    Did you come across this issue?

    My servers are Windows 2008 R2.

  • Hi haraziym,

    Yes, you've hit on something that is a pain. The issue is that the SSL cert isn't saved in the IIS config files. That's set with netsh instead.

    (btw, IIS8 has a better story for this with what's called the Central Certificate Store (CCS))

    The solution is two-fold. First you need to have the same cert on both machines. Make sure not to create 2 separate certificates directly from your cert authority. Instead, create one on the first server then export that and import on the other server. That way the certificate will be identical between servers.

    Then, the second step is to manually select that cert from each server. Once you've selected it once then everything should work with shared configuration after that.
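
A read-only check for the two steps in the reply above, as an added example that is not part of the original post or its comments. Run it on every node and compare the output: the thumbprint is a placeholder for the certificate exported from the first server, the function name is hypothetical, and the binding check covers only the http.sys SSL bindings that `netsh http show sslcert` lists.

```powershell
# Run elevated on each node in the farm and compare the results.
$Expected = '<THUMBPRINT-OF-THE-EXPORTED-CERTIFICATE>'   # placeholder, not a real value

function Test-FarmCertificate {
    param([string]$Thumbprint)

    # Drop spaces and the invisible characters that come along when a
    # thumbprint is copied out of the certificate dialog.
    $want = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()

    # Step 1: the imported certificate must be in the machine store,
    # together with its private key.
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $want }

    # Step 2: collect the certificate hash of every http.sys SSL binding.
    # The pattern assumes English netsh output.
    $bound = @(netsh http show sslcert | ForEach-Object {
        if ($_ -match 'Certificate Hash\s*:\s*([0-9A-Fa-f]+)') { $Matches[1].ToUpper() }
    })

    New-Object PSObject -Property @{
        Computer      = $env:COMPUTERNAME
        InStore       = [bool]$cert
        HasPrivateKey = [bool]($cert -and $cert.HasPrivateKey)
        NotAfter      = $(if ($cert) { $cert.NotAfter })
        BoundHashes   = (($bound | Sort-Object -Unique) -join ',')
        BoundToHttp   = ($bound -contains $want)
    }
}

Test-FarmCertificate -Thumbprint $Expected | Format-List
```

A node that reports `InStore` as False, or `HasPrivateKey` as False, did not receive the exported certificate intact and will not match the others.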

  • Thanks a million :)

    I was pounding my head for an answer. I’m using a wildcard certificate and issuing a certificate for each server (since each server will have a CSR file to generate the certificate). I will try your approach and keep you posted. :)

  • That sounds promising then. That would normally be an acceptable configuration except for IIS Shared Configuration which needs them to be the same. There are possible workaround solutions by creating a unique SSL binding per server so that only the active one is used on each server and the other is ignored, but hopefully you don't need to worry about that.

  • Hi

    Export - import approach worked perfectly :).
