I recently worked on an application that required we mirror content and configuration across multiple web servers running IIS 7.5 on Windows 2008r2. Because the server configuration in IIS for this application is relatively complicated, doing it over and over would not only be tedious but it would probably introduce some human error. While the possibility of human error is mitigated by the application’s detailed documentation, I looked for a more automated approach to the process.

Using IIS 7’s shared configuration management, it’s possible to replicate the content and configuration folders between web servers. As I worked through the steps of mirroring the content and server configuration for our application, I took notes on the process to create this guide for you to use the next time you approach a similar project.

You will need a domain account – or local account on each web server if your web servers aren’t joined to an Active Directory domain – which will be used to access the shared configuration. The account only accesses this configuration and a file share to store the configuration. Your web applications continue to run under whatever application pool identity you’ve set.

Assuming you’ve configured your IIS-based web server, we can start by exporting the configuration:

1. On the first web server that will host the shared configuration, create a directory and share it with full share and ntfs permissions to the service account you create. All other permissions should be removed.
2. In IIS manager, click on the server node in the left pane, then open “Shared Configuration” in the right pane.

   

3. Select the”Export Configuration” option on the right, store the export in the directory you created in step 1.

   

4. Create an encryption key. This key should be recorded, as it is needed for all nodes accessing the shared configuration.
5. After the configuration is exported, tick the ‘Enable shared configuration’ box, and enter the UNC path to the configuration and the username, domainserviceaccount and password for that account.

   

6. Press apply, and you will be prompted for the encryption key created in step 2.

   

7. Restart the server or run an iisreset to apply configuration. Check to ensure that IIS is still functioning and the IIS manager can be accessed.

After completing those steps, your web server will be running from the shared configuration, so the next step is to replicate the web content and configure all other web servers to work from the same configuration.

There are several ways of replicating the physical content, DFSR is one option, however I chose not to use it. The content on this application’s web servers is static, so frequent updates to the other nodes is unnecessary. Instead, I used robocopy – a built-in feature since Vista / Server 2008 – to mirror the content from the configured server to all others. This was executed on the web server receiving the content:

robocopy \configuredwebserverc$inetpubwwwroot c:inetpubwwwroot /MIR

Once the file content is in place, two quick steps are required to configure IIS to use the shared configuration:

1. In IIS manager, click on the server node in the left pane, then open “Shared Configuration” in the right pane.
2. Tick the ‘Enable shared configuration’ box. Enter the UNC path to the configuration as specified on the first web server.

   

3. Enter the username, domainserviceaccount and password for that account. Press apply and enter the encryption key.

   

4. Restart the IIS server to apply configuration, and check to ensure that IIS is still functioning and the IIS manager can be accessed.

You’re done. You’ve replicated all application pools and IIS configurations. If you have ODBC data sources – things external to IIS which your web applications are using – you will need to find a way to replicate these settings as well.

If the shared configuration is unavailable for any reason, IIS may act up. In Server 2008 (not R2), if the configuration disappears, IIS will essentially stop. In R2, the server will detect this, continue working and reconnect when the configuration source comes back online.

To safeguard against connectivity issues, enable offline files by following these steps:

1. On the web server, in “Control Panel,” open “Offline Files.”
2. In the Offline Files dialog box, click Enable Offline Files. Do not reboot the machine yet.
3. Ensure that the cache is set to read only by running the following command:
   REG ADD "HKLM\System\CurrentControlSet\Services\CSC\Parameters" /v ReadOnlyCache /t REG_DWORD /d 1 /f
4. Reboot the Web server.
5. Browse to the shared configuration folder on the web server. Right click and select “Always Available Offline”.
6. Go back to the “Offline Files” in “Control Panel” and select the “Schedule” option.

   The sync center option is available on Windows 2008 server only when Desktop experience is enabled. KB 951043: You cannot start Sync Center from Windows Explorer on a Windows Server 2008-based computer.

7. Schedule offline file sync every day or per your requirements. Even without setting up any scheduler, the moment I change anything in applicationhost.config file, it is reflected on the web server.

Hopefully this method should save you from a few headaches and give you another option when setting up multiple IIS 7 web servers. Being able to use the same configuration minimize deployment time and makes administration a breeze.

Let me know if you have any questions or would like any additional details about the process.

-Marlin