In my article on RSAT: Remote Server Administration Tools I walked you through installing the remote administration tools and connecting to the Terminal Service Manager in Windows Vista.
All could have been hunky dory at that point and you are merrily administrating your servers remotely from your Vista desktop, when you realize you need to make a change to one of your websites running on IIS 7. No problem at all you think, let me just fire up the old IIS Manager and we will knock this out and head out to lunch.
Unfortunately for your rumbling stomach, when you start IIS Manager within Vista you find that you cannot connect to the server to administrate IIS. Well fear not rumbling stomach, we will quickly work through this issue and get you off to your Chinese buffet!
Here are some of the benefits you will get from this new version of remote management: It runs over SSL, so it will be very firewall friendly when we have to open ports It allows users with administration privileges to connect and manage delegated websites remotely How to Install the Client Side
Let’s start with the basics of this fun, life changing event of remote administration. Here is what you will need client side: Windows Vista with Service Pack 1 Internet Information 7 Management Console Installed Install IIS 7 Manager – Download from IIS.net: X86: http://www.iis.net/downloads/default.aspx?tabid=34&i=1626&g=6 X64: http://www.iis.net/downloads/default.aspx?tabid=34&i=1633&g=6
Once you get the download let’s go about setting this up. Let’s first check that all the above requirements are met.
1. Click on the Start button, right click on the Computer button, and left click Properties.
2. In the System window verify that you have SP1 installed. (Of course the reality is if you were remotely administrating IIS, you should already know if you have SP1, but I digress)
3. Now let’s see if the Internet Information 7 Management Console is installed, by going to the Start button, clicking on Control Panel, and clicking on Turn Windows features on or off.
If you are prompted by UAC, go ahead and click OK.
4. You will find the component you want under Internet Informational Services -> Web Management Tools -> IIS Management Console. If it is checked then you are set, if it isn’t go ahead and install it so we can begin the next part!
5. Ok on to installing the IIS 7 Manager client, by navigating to where you downloaded the client and double click on the file to start the installation.
6. The first splash screen will show you that you are about to install IIS 7 Manager, so go ahead and click Next.
7. Accept the license terms by placing a check in the box, and then click Next.
8. Unless you have other plans, accept the default file location, and click Next.
9. With all the preliminaries out of the way click on Install to begin the installation.
10. When the installation routine finishes, go ahead and click Finish.
11. We can go in and see if the installed version has upgraded our IIS Management Console. Go into your Administration Tools, and click on Internet Information Services (IIS) Manager.
You may be prompted by UAC, click Ok if it does. If your install was successful you should see the console shown below:
How to Configure Management Service (WMSVC)
The main requirement on the server side is to be running Windows Server 2008 and have IIS 7 installed with IIS Management Service. We will now setup the server and firewall to allow connections remotely.
1. First check to see if the Management tools are installed on the server.
Go into Server Manager, expand Roles, and click on Web Server (IIS), in the main pane click on Add Role Services, and under Management Tools make sure that IIS Management Console & Management Service is installed and if they aren’t click next to both of them to install.
2. Open IIS Manager and expand out your Webserver, click on Management Service in the center pane.
3. In the Management Service panel you will see a notice in the right pane that WMSVC is stopped. This is a very important step because it needs to be stopped to be able to configure the service.
One of the key features of IIS 7 remote management is the ability to use either Windows credentials or IIS Manager Credentials.
Let’s go ahead and place a check next to Enable remote connections, and set the radio button to Windows credentials or IIS Manager credentials.
4. In the next section on Connections, you can assign the IP address, Port, SSL Certificate, and log location for the service to use.
In our case we are going to use the defaults, except for specifying the local IP. The default port for WMSVC is 8172, when it is installed it automatically installs a firewall rule for that port, but if you change the port make sure to note it for later use to configure the firewall.
The service uses a self generated SSL certificate but you can use a different one if you have already imported it to the certificate store.
5. You can also restrict administration based on IPv4 address, either denying specific addresses or only allowing from specific addresses.
In this case I am going to leave it open, and click on Apply on the right pane to submit the changes we have made.
6. Now let’s start the service by clicking on the Start button, in the right pane.
How to Remotely Administrate a IIS 7 Server
Now that we have finished the basic server and client side connections, let’s test out connecting remotely.
1. Start Internet Information Services (IIS) Manager on the client.
2. Click on the File menu and select Connect to a Server.
3. In the next screen type your IP address to your server and click Next.
4. Input your user credentials, in this instance I am using Windows authentication, so I am going to use my administrator account. Click Next after you’re done.
5. You may get an error about the certificate being issued to a different server, if you do just click through by hitting Connect.
6. After a second, you can name your connection to the server, I am using Test Web Server, after that click Finished.
7. One of the other new features is the self updating client. If you connect to a server that has updated binaries due to new features they will auto download to the client.
You can see an example of this below. Please note if you are connecting to a standard box you will not see this, I used this test server to Setup Secure FTP, so it has the updated FTP 7 binaries.
8. Success! You should now be connected remotely and be able to administer the IIS 7 server from your Vista client.
Summary
We have configured the basic needs for administrating IIS 7 web servers remotely from a Vista client. This included downloading and installing the client software, configuring the WMSVC service and configuring the server to accept remote connections.
In my next article we will discuss setting up an IIS Manager User and delegating rights to website owners without exposing them to other websites on the server.