IIS 6.0: Warnings Received After Upgrade (332108)
The information in this article applies to:
- Microsoft Internet Information Services
- Microsoft Internet Information Services version 6.0
This article was previously published under Q332108 IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base: 256986 Description of the Microsoft Windows Registry SYMPTOMSWhen you upgrade a server with Internet Information Services (IIS) installed to Microsoft Windows Server 2003, you may receive the following warning messages:The following items are not compatible with Windows. If you continue, you may not be able to use these items, even after Setup is complete.
! IIS World Wide Web Publishing Service(W3SVC) will be disabled during upgrade.
! IIS is being installed on a FAT volume. This will disable IIS security features.CAUSEYou receive the first message when you upgrade a server that has not run the IIS Lockdown Wizard or configured the RetainW3SVCStatus registry key.
You receive the second message when the partition is formatted as FAT. The warning indicates that installing IIS on a FAT volume disables Windows Server 2003 security features that require the NTFS file system. Microsoft recommends that administrators consider converting from FAT to NTFS before continuing the upgrade. NTFS is generally the recommended file system because it is more efficient and reliable, and NTFS supports important features including Active Directory and domain-based security.
Active Directory is necessary for domains, user accounts, and other important security features.
NTFS has always been a more powerful file system than FAT and FAT32. Microsoft Windows 2000, Microsoft Windows XP, and the Microsoft Windows Server 2003 family include a new version of NTFS, with support for a variety of features including Active Directory. RESOLUTIONWARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk. By default, because of increased security measures, the World Wide Web Publishing
Service (WWW service) is not enabled after you upgrade from the Windows 2000 Server family with IIS 5.0 unless you do one of the following: - For manual or unattended upgrades, run the IIS Lockdown Tool on the computer that is running Windows 2000 Server before you start the upgrade process.The IIS Lockdown Tool reduces the attack surface of your server by
disabling unnecessary features, and the tool provides the option to
enable and customize features for your site.
- For manual or unattended upgrades, add the RetainW3SVCStatus registry key to the registry as follows:
- Click Start, click Run, type regedit, and then click OK.
- Locate and then click the following key in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC
- On the Edit menu, point to New, and then click Key.
- Type RetainW3SVCStatus, and then press ENTER.
- On the Edit menu, point to New, and then click DWORD Value.
- Type do_not_disable, and then press ENTER.
- On the Edit menu, click Modify.
- Type 1, and then press ENTER.
- For unattended upgrades, include the entry "DisableWebServiceOnUpgrade = False" in the [InternetServer] section in an unattended installation script.
- Enable the WWW service after you upgrade:
- Click Start, click Administrative Tools, and then click Services.
- Right-click World Wide Web Publishing, and then click Properties.
- Click the General tab, set Startup type to automatic, and then click Apply.
- Click Start to start the service, and then click OK when the service has started.
Important If you do not run the IIS Lockdown Tool, after the upgrade is complete, you must make sure that all unnecessary IIS
features have been removed or disabled and that the enabled features
are configured with the highest security settings that your
organization can support.
For more information about securing the server, see the "What's Changed" and "Security
Best Practices" topics in the IIS 6.0 Help. To view this documentation online, visit the following Microsoft Web sites: http://technet2.microsoft.com/windowsserver/en/default.mspxConvert to NTFSTo run IIS securely, you must install IIS on an NTFS partition. Microsoft recommends that you convert to NTFS before you upgrade. If you do not convert to NTFS before you upgrade, you can still convert the drive. - Click Start, click Run, type cmd, and then click OK.
- At the command prompt, type the following, and then press ENTER:
- When you receive the following message, type N, and then press ENTER:The type of the file system is FAT32.
Convert cannot run because the volume is in use by another process. Convert may run if this volume is dismounted first.
ALL OPEN HANDLES TO THIS VOLUME WOULD THEN BE INVALID.
Would you like to force a dismount on this volume?
- When you receive the following message, type Y, and then press ENTER:Convert cannot gain exclusive access to the C: drive, so it cannot convert it now. Would you like it to be converted the next time the system restarts <Y/N>?
- When you receive the following confirmation, restart the server to complete the conversion process:This conversion will take place automatically the next time the system restarts.
REFERENCES
For additional information about the IIS Lockdown Tool, click the following article number to view the article in the Microsoft Knowledge Base:
325864
HOW TO: Install and Use the IIS Lockdown Wizard
For additional information about converting to NTFS, click the following article number to view the article in the Microsoft Knowledge Base:
314097
How to Use Convert.exe to Convert a Partition to the NTFS File System
For additional information about securing IIS without running the Lockdown Tool, click the following article number to view the article in the Microsoft Knowledge Base:
814874
INFO: How to Configure Security by Using IIS 6.0
For more information about the NTFS file system, see the product documentation for Windows Server 2003. To view this documentation online, visit the following Microsoft Web site:
Modification Type: | Major | Last Reviewed: | 3/3/2006 |
---|
Keywords: | kbpending kbprb KB332108 |
---|
|