code iterat.ive.ly

IIS7 has this great new feature called Shared Configuration.  Except that it has a tendency to do horrible things which usually result in all the websites and application pools being removed from your server and your production website starting to serve 503 Service Unavailable errors.

For an innexplicable reason, Microsoft decided to kill the Export function from IIS7 in favor of this new feature.  But for those of us who don’t trust technology, we like to do things manually and to get a repeatable result that doesn’t update automatically when we least expect it.  Yes, I am the sort of person who wonders why the default Windows Update on servers is to Install and Reboot Automatically at 2am…

In any case, in a simple 3 step process you too can export and import your Internet Information Server 7 websites and app pools.

I will call the target server TWEB (this is the server where you want a duplicate configuration) and the source server SWEB (this is where the current configuration exists).

First, on TWEB make a backup copy of the files in C:\Windows\System32\inetsrv\config.  I just created a subfolder called “bak” and copied them.  This is very important.  If you forget or skip this step because backups are for sissies, you will be re-installing IIS7 in step 4.

Second, copy the AppliationHost.config from SWEB into the C:\Windows\System32\inetsrv\config folder on TWEB.  Also copy any application files like your c:\websites folder or whatever over to TWEB in the appropriate location if you haven’t already.

Third, on TWEB open both the new ApplicationHost.config and the backup ApplicationHost.config from step 1 and locate the <configProtectedData> node in the backup.  Copy that node and replace it into the new config file.

Fourth, if you didn’t backup the existing config file, remove the IIS role and add it back, then start at step 1.

Note: if you have custom accounts under which you’re running app pools (cuz you’re not using LocalSystem, right?) then you just need to go into the IIS Management Console and re-configure the passwords for those accounts.  They were encrypted with the other server’s AES keys so they won’t be valid on this server and the pools won’t start.

That’s it.  Hope that helps.  It should work the same for C# .NET applications (which is what I’m using) or just static websites or whatever.  But of course, you shouldn’t trust me.  Test it yourself first.

My new good-karma policy is that if I spend more than an hour tracking down a general bug or wacky configuration thing, I promise to blog the solution.