IIS Interview Questions

Master the Top 50 IIS Interview Questions for Success

Fundamentals & Architecture

1. What is IIS (Internet Information Services)?

Answer: IIS is a flexible, secure, and manageable web server software developed by Microsoft. It runs on Windows operating systems to host websites, web applications (like ASP.NET), and other network services (like FTP). It processes incoming requests (HTTP, HTTPS, FTP, etc.) from clients and serves static content directly or passes dynamic requests to appropriate handlers (like the ASP.NET runtime) for processing before returning the response.

2. Explain the core architecture of IIS (Kernel Mode vs. User Mode).

Answer: IIS architecture has two main layers:

Kernel Mode (HTTP.sys): This is the operating system’s core layer. HTTP.sys (HTTP Protocol Stack) listens for HTTP/HTTPS requests directly from the network, validates them, queues them, and can serve responses directly from its cache for speed. It ensures requests are routed to the correct application pool queue without needing to involve user-mode processes for every request, enhancing performance and reliability.

User Mode: This layer contains the services that manage the server and the processes that execute application code. Key components include:

Windows Process Activation Service (WAS): Manages application pool configuration, creates, stops, starts, and recycles worker processes (w3wp.exe) as needed based on incoming requests or configured settings. It reads configuration from applicationHost.config.

WWW Publishing Service (W3SVC): Works with WAS and HTTP.sys. It configures HTTP.sys based on website bindings and application pool settings. It acts as a mediator between HTTP.sys and WAS for HTTP requests.

Worker Process (w3wp.exe): Hosts and executes the actual web application code (e.g., ASP.NET). Each application pool typically runs in its own isolated worker process.

3. What is the role of HTTP.sys in the IIS request pipeline?

Answer: HTTP.sys is a kernel-mode device driver. Its main roles are:

  • Listening: It listens for incoming HTTP and HTTPS requests on configured IP addresses and ports.
  • Request Parsing & Validation: Performs initial parsing and validation of requests.
  • Request Queuing: Queues requests for the appropriate application pool. Each application pool registers with HTTP.sys.
  • Response Caching: Can store and serve responses directly from its kernel-mode cache, bypassing user-mode processing entirely for cached content, significantly boosting performance.
  • Connection Management & Throttling: Manages TCP connections and provides connection limiting and bandwidth throttling features.

4. What is the role of the Windows Process Activation Service (WAS)?

Answer: WAS is a fundamental component introduced in IIS 7.0. Its primary role is to manage the lifecycle of worker processes (w3wp.exe). It reads configuration data (especially application pool and site bindings) from applicationHost.config, starts worker processes on demand when the first request for an application pool arrives, stops them during idle periods, and recycles them based on configured rules (time intervals, memory limits, etc.). Crucially, WAS enables IIS to host protocols beyond HTTP (like Net.TCP, MSMQ) by handling process activation independently of the W3SVC.

5. What is a Worker Process (w3wp.exe)?

Answer: The worker process (w3wp.exe) is the user-mode process that actually runs web applications hosted on IIS. It loads the necessary runtime environments (like the .NET CLR for ASP.NET applications), processes requests passed to it by HTTP.sys via WAS/W3SVC, executes application code, and sends the response back. Each application pool runs within one or more instances of w3wp.exe, providing process isolation.

6. What protocols does IIS support?

Answer: IIS natively supports several protocols, including HTTP, HTTPS (HTTP Secure with SSL/TLS encryption), FTP (File Transfer Protocol), FTPS (FTP Secure), SMTP (Simple Mail Transfer Protocol – for relaying email, though less common now), and NNTP (Network News Transfer Protocol – largely legacy). Through WAS, it can also host WCF services over non-HTTP protocols like TCP, Named Pipes, and MSMQ.

7. Can you name different versions of IIS and the corresponding Windows OS they primarily shipped with?

Answer:

  • IIS 5.0: Windows 2000
  • IIS 5.1: Windows XP Professional
  • IIS 6.0: Windows Server 2003
  • IIS 7.0: Windows Server 2008 & Windows Vista
  • IIS 7.5: Windows Server 2008 R2 & Windows 7
  • IIS 8.0: Windows Server 2012 & Windows 8
  • IIS 8.5: Windows Server 2012 R2 & Windows 8.1
  • IIS 10.0: Windows Server 2016/2019/2022 & Windows 10/11 (Note: IIS 10.0 has received feature updates with different Windows builds).

8. What was the significance of the architectural changes from IIS 6.0 to IIS 7.0?

Answer: IIS 7.0 marked a major redesign:

  • Modular Architecture: IIS 7.0 introduced a highly componentized architecture. Features like authentication, compression, caching, etc., became separate modules that could be added or removed, reducing the attack surface and memory footprint.
  • Integrated Pipeline: ASP.NET integration changed from an ISAPI model (IIS 6) to a directly integrated request pipeline, allowing ASP.NET modules to run for all types of content, not just ASP.NET pages.
  • WAS Introduction: Decoupled HTTP process activation from W3SVC, enabling hosting of non-HTTP WCF services.
  • XML-Based Configuration: Replaced the proprietary Metabase (MetaBase.bin) with a hierarchical XML-based configuration system (applicationHost.config, web.config).
  • Improved Management Tools: Introduced a new IIS Manager GUI and the AppCmd.exe command-line tool.

Configuration & Management

9. What is the applicationHost.config file?

Answer: applicationHost.config is the root configuration file for IIS 7.0 and later. Located in %windir%\system32\inetsrv\config\, it contains global settings for the web server, including definitions for all sites, applications, virtual directories, application pools, global module registrations, logging settings, and default values for various features.

10. What is the purpose of web.config files?

Answer: web.config files provide configuration settings specific to a particular website, application, or virtual directory within IIS. They allow developers to override or supplement global settings defined in applicationHost.config or parent web.config files. Common uses include configuring ASP.NET settings, connection strings, request filtering rules, URL rewrite rules, custom error pages, and module settings specific to the application level.

11. What is a Virtual Directory in IIS?

Answer: A virtual directory is an alias or friendly name within a website’s URL structure that maps to a physical directory located elsewhere on the server or on a network share. It allows content to be organized logically within the website URL space, even if the physical files reside in different locations. For example, www.example.com/images could be a virtual directory pointing to D:\SiteContent\Images.

12. What is the difference between a Web Application and a Virtual Directory in IIS?

Answer: While both map a URL path to a physical directory, a Web Application represents a distinct execution boundary within IIS. It typically runs in its own Application Domain within the worker process (providing memory isolation from other applications in the same app pool) and can have its own specific settings (like web.config). A Virtual Directory is simply a pointer to content; it runs within the context of its parent application unless specifically configured as an application itself. You create an Application to host executable code (like ASP.NET), while a Virtual Directory might just serve static files or content referenced by the parent application.

13. How can you host multiple websites on the same IP address and port (e.g., port 80)?

Answer: This is achieved using Host Headers (also known as Host Names). When creating or editing the website bindings in IIS Manager, you specify the IP address (or “All Unassigned”), the port (e.g., 80), and a unique Host Name (e.g., www.site1.com, www.site2.com). When a browser sends a request, it includes the host name in the HTTP Host header. IIS uses this header value, along with the IP address and port, to route the request to the correct website. DNS must be configured correctly to point both host names to the server’s IP address.

14. What is IIS Manager?

Answer: IIS Manager is the primary graphical user interface (GUI) tool provided by Microsoft for managing and configuring IIS. It allows administrators to perform tasks such as creating and managing websites, applications, virtual directories, and application pools; configuring settings like authentication, SSL certificates, logging, compression, default documents, error pages; managing modules; and monitoring server performance.

15. What is AppCmd.exe?

Answer: AppCmd.exe is a command-line utility introduced with IIS 7.0 for managing IIS. It allows administrators to perform almost any task available in the IIS Manager GUI, such as creating/deleting sites and app pools, managing configuration settings, querying runtime state (like active worker processes), and taking backups. It’s particularly useful for scripting and automating IIS management tasks. It’s located in %windir%\system32\inetsrv\.

16. What is IIS Shared Configuration?

Answer: Shared Configuration is a feature primarily used in web farm scenarios. It allows multiple IIS servers in a farm to share a single, centralized set of configuration files (applicationHost.config and related encryption keys) stored on a network share (UNC path). This ensures configuration consistency across all servers in the farm, simplifying management as changes made on one server (or directly to the shared files) apply to all.

Application Pools

17. What is an Application Pool?

Answer: An Application Pool is a container in IIS that isolates one or more web applications under a specific set of configurations and runs them within one or more dedicated worker processes (w3wp.exe). This isolation is key for security, reliability, and performance. If one application pool crashes or misbehaves, it generally doesn’t affect applications running in other pools.

18. Why use multiple Application Pools?

Answer: Using multiple application pools provides several benefits:

  • Isolation & Reliability: If an application in one pool crashes the worker process, applications in other pools remain unaffected.
  • Security: Each pool can run under a different security identity (user account), limiting the potential damage if one application is compromised. Access to file system resources, databases, etc., can be restricted per identity.
  • Performance Management: Different pools can have different performance settings (e.g., CPU limits, memory limits, recycling settings) tailored to the needs of the hosted applications.
  • Version Compatibility: Allows hosting applications requiring different versions of the .NET Framework (e.g., v2.0/3.5 vs. v4.x) or different pipeline modes (Classic vs. Integrated) on the same server.

19. Explain Application Pool Identities.

Answer: The Application Pool Identity is the Windows user account under which the application pool’s worker process (w3wp.exe) runs. This determines the security context and permissions the application has when accessing resources like files, network shares, or databases. Common identities include:

  • ApplicationPoolIdentity (Recommended Default): A virtual account dynamically created with the same name as the application pool (e.g., “IIS AppPool\DefaultAppPool”). It’s a managed, low-privilege account, enhancing security. Access control lists (ACLs) need to be granted to this virtual account specifically.
  • NetworkService: A built-in, low-privilege account with network access credentials (uses the computer account on the network).
  • LocalService: Similar to NetworkService but has minimal privileges on the local machine and anonymous network access.
  • LocalSystem: A built-in, highly privileged account. Not recommended due to security risks.
  • Custom Account: A specific domain or local user account. Useful when the application needs specific permissions associated with that user, but requires password management.
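
An added example (not part of the original question list and not Microsoft tooling): a Python audit of an applicationHost.config fragment that resolves each pool's identity, including inheritance from applicationPoolDefaults, and flags LocalSystem, custom accounts, and pools shared by more than one site. The XML is constructed sample data, and the fallback values used when a defaults element is missing are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed applicationHost.config fragment (sample data, not a real server).
SAMPLE_CONFIG = """\
<configuration>
  <system.applicationHost>
    <applicationPools>
      <add name="DefaultAppPool" />
      <add name="LegacyPool">
        <processModel identityType="LocalSystem" />
      </add>
      <add name="ReportsPool">
        <processModel identityType="SpecificUser" userName="svc-reports" />
      </add>
      <applicationPoolDefaults>
        <processModel identityType="ApplicationPoolIdentity" />
      </applicationPoolDefaults>
    </applicationPools>
    <sites>
      <site name="Intranet" id="1">
        <application path="/" applicationPool="DefaultAppPool" />
        <application path="/legacy" applicationPool="LegacyPool" />
      </site>
      <site name="Shop" id="2">
        <application path="/" applicationPool="DefaultAppPool" />
      </site>
      <site name="Reports" id="3">
        <application path="/" applicationPool="ReportsPool" />
      </site>
    </sites>
  </system.applicationHost>
</configuration>
"""

# Identity types the answer above singles out for attention.
FLAGGED = {
    "LocalSystem": "highly privileged built-in account",
    "SpecificUser": "custom account; its password must be managed",
}


def audit_app_pools(config_xml):
    """Return (pools, findings) for an applicationHost.config document."""
    root = ET.fromstring(config_xml)
    pools_el = root.find(".//applicationPools")
    sites_el = root.find(".//sites")

    # Pools without their own identityType inherit from applicationPoolDefaults.
    default_identity = "ApplicationPoolIdentity"  # assumption if no defaults element
    defaults = pools_el.find("applicationPoolDefaults/processModel")
    if defaults is not None:
        default_identity = defaults.get("identityType", default_identity)

    pools = {}
    for pool in pools_el.findall("add"):
        model = pool.find("processModel")
        identity = model.get("identityType") if model is not None else None
        pools[pool.get("name")] = {"identity": identity or default_identity,
                                   "sites": set()}

    # Map every application to its pool so shared pools become visible.
    default_pool = "DefaultAppPool"  # assumption if applicationDefaults is absent
    app_defaults = sites_el.find("applicationDefaults")
    if app_defaults is not None:
        default_pool = app_defaults.get("applicationPool", default_pool)
    for site in sites_el.findall("site"):
        for app in site.findall("application"):
            name = app.get("applicationPool", default_pool)
            entry = pools.setdefault(name, {"identity": "undefined pool",
                                            "sites": set()})
            entry["sites"].add(site.get("name"))

    findings = []
    for name in sorted(pools):
        info = pools[name]
        if info["identity"] in FLAGGED:
            findings.append((name, info["identity"], FLAGGED[info["identity"]]))
        if len(info["sites"]) > 1:
            shared = ", ".join(sorted(info["sites"]))
            findings.append((name, "shared", "same pool identity serves: " + shared))
    return pools, findings


if __name__ == "__main__":
    for finding in audit_app_pools(SAMPLE_CONFIG)[1]:
        print(finding)
```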

20. What is Application Pool Recycling? What triggers it?

Answer: Application Pool Recycling is the process of automatically stopping and restarting the worker process(es) associated with an application pool. This helps maintain application health and stability by reclaiming resources (like memory) that might have been leaked or fragmented over time, resolving hung processes, or applying certain configuration changes. Common triggers include:

  • Regular Time Interval: Recycling every X minutes (e.g., 1740 minutes default).
  • Specific Time(s): Recycling at scheduled times daily.
  • Virtual Memory Usage: Recycling when the process exceeds a certain virtual memory threshold.
  • Private Memory Usage: Recycling when the process exceeds a certain private memory (physical RAM allocated) threshold.
  • Request Limit: Recycling after processing a specific number of requests.
  • Configuration Changes: Certain changes to web.config or global settings might trigger a recycle.
  • On-Demand: Manual recycling via IIS Manager or AppCmd.

21. What is Overlapped Recycling?

Answer: Overlapped recycling is the default recycling method in IIS. When a recycle is triggered, IIS starts a new worker process before terminating the old one. The new process starts taking new requests, while the old process is given a configurable amount of time (Shutdown Time Limit) to finish processing any existing requests it was handling. Once the old process finishes or the time limit expires, it’s terminated. This ensures minimal downtime and prevents interruption for users currently connected during the recycle.

22. What is a Web Garden? What are its potential pros and cons?

Answer: A Web Garden is an application pool configured to run with multiple worker processes (w3wp.exe instances) on a single server.

  • Pros: Can potentially improve performance and responsiveness for applications that are CPU-bound (by utilizing multiple CPU cores) or applications that experience blocking waits (allowing other processes to handle new requests). Can increase fault tolerance; if one worker process crashes, others can continue serving requests.
  • Cons: Increases overall memory consumption as each process has its own overhead. Can cause issues with in-process session state (session data stored in one w3wp.exe isn’t available to others) and in-process caching, requiring out-of-process solutions (like State Server, SQL Server, or Distributed Cache). It doesn’t distribute load intelligently based on process health or load, just round-robins requests. Often, optimizing code or using asynchronous patterns is a better solution than enabling a web garden.

23. What is the difference between Integrated and Classic Pipeline modes in Application Pools?

Answer:

  • Integrated Mode: (Default for IIS 7+) ASP.NET runtime is tightly integrated into the main IIS request processing pipeline. ASP.NET modules (both native and managed) can participate in the pipeline for all requests (HTML, images, ASP.NET pages, etc.) and execute at various defined stages. This offers more flexibility and power.
  • Classic Mode: Mimics the older IIS 6.0 ISAPI model. IIS processes requests first through native modules, and only requests mapped specifically to the ASP.NET ISAPI extension (aspnet_isapi.dll) are passed to the separate ASP.NET runtime for processing. Managed modules only run for ASP.NET requests. This mode is primarily for backward compatibility with older applications not designed for Integrated mode.

Security

24. What are the common authentication methods available in IIS? Briefly describe them.

Answer:

  • Anonymous Authentication: Allows access without prompting for credentials. Requests run under a specific guest account (typically IUSR). Used for public content.
  • Basic Authentication: Prompts the user for a username and password, which are sent in plain text (Base64 encoded, easily decoded) over the network. Only secure when used over HTTPS.
  • Digest Authentication: Similar to Basic, but sends a hash of the password instead of the password itself, offering more security than Basic over HTTP. Requires Active Directory domain controllers. Less common now.
  • Windows Authentication (Integrated): Uses Kerberos or NTLM protocols to authenticate users based on their Windows domain login. Credentials are not explicitly sent. Best suited for intranet environments where users are logged into a domain.
  • Forms Authentication: A non-IIS native method managed by ASP.NET. Redirects unauthenticated users to a custom login form (HTML page). Manages authentication via cookies. Requires application-level implementation.
  • Client Certificate Authentication: Requires users to present a valid client-side SSL certificate to the server for authentication. Provides strong authentication, often used in B2B or high-security scenarios.

25. What is Authorization in IIS? How does it differ from Authentication?

Answer:

  • Authentication is the process of verifying who a user is (proving their identity).
  • Authorization is the process of determining what an authenticated user is allowed to do (checking their permissions).
  • In IIS, after a user is authenticated (e.g., via Windows Authentication), Authorization Rules (configured via .NET Authorization Rules or URL Authorization Rules features) are used to grant or deny access to specific resources (files, folders) based on the user’s identity or their group memberships.

26. How do you configure SSL/TLS in IIS to enable HTTPS?

Answer:

  • Obtain an SSL Certificate: Get a certificate from a trusted Certificate Authority (CA) or create a self-signed certificate (for testing/internal use).
  • Install the Certificate: Import the certificate into the server’s certificate store (Local Computer > Personal > Certificates) using the Certificates MMC snap-in or IIS Manager.
  • Create HTTPS Binding: In IIS Manager, select the website, go to Bindings, click Add. Choose ‘https’ as the type, select the server’s IP address (or ‘All Unassigned’), leave the port as 443 (default for HTTPS), and select the installed SSL certificate from the dropdown list.
  • (Optional) Require SSL: In SSL Settings for the site/application, check ‘Require SSL’ to force all traffic over HTTPS, automatically redirecting HTTP requests.

27. What is Request Filtering in IIS? Give some examples.

Answer: Request Filtering is a security module in IIS that inspects incoming HTTP requests and blocks those that potentially pose a threat based on configured rules. It helps mitigate common web attacks. Examples of filtering rules include:

  • File Extensions: Denying requests for specific file extensions (e.g., .bak, .config, .log).
  • URL Sequences: Denying requests containing dangerous character sequences (e.g., .. for directory traversal, /./).
  • HTTP Verbs: Allowing only specific HTTP methods (e.g., GET, POST) and denying others (e.g., TRACE, DEBUG).
  • Headers: Filtering requests based on the presence, absence, or size of specific HTTP headers.
  • Query Strings: Denying requests with specific patterns in the query string.
  • Request Limits: Setting maximum allowed sizes for URLs, query strings, or total request length.
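
An added example (not from the original page): a web.config fragment using the requestFiltering section for the rule types listed above, with a simplified Python model that shows which sample requests each rule rejects and the 404 sub-status IIS records for that rejection. The rule values and sample requests are constructed, and the evaluation order is an assumption of this model, not IIS's documented order.

```python
import posixpath
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed web.config using the <requestFiltering> section (sample values).
WEB_CONFIG = """\
<configuration>
  <system.webServer>
    <security>
      <requestFiltering>
        <fileExtensions allowUnlisted="true">
          <add fileExtension=".bak" allowed="false" />
          <add fileExtension=".config" allowed="false" />
          <add fileExtension=".log" allowed="false" />
        </fileExtensions>
        <denyUrlSequences>
          <add sequence=".." />
          <add sequence="/./" />
        </denyUrlSequences>
        <verbs allowUnlisted="false">
          <add verb="GET" allowed="true" />
          <add verb="POST" allowed="true" />
        </verbs>
        <denyQueryStringSequences>
          <add sequence="debug=" />
        </denyQueryStringSequences>
        <requestLimits maxUrl="2048" maxQueryString="1024" />
      </requestFiltering>
    </security>
  </system.webServer>
</configuration>
"""


def load_rules(config_xml):
    """Read the rule types discussed above out of a web.config document."""
    rf = ET.fromstring(config_xml).find(".//requestFiltering")
    verbs = rf.find("verbs")
    limits = rf.find("requestLimits")
    limits = limits.attrib if limits is not None else {}
    return {
        "denied_ext": {e.get("fileExtension").lower()
                       for e in rf.findall("fileExtensions/add")
                       if e.get("allowed") == "false"},
        "denied_url_seq": [e.get("sequence").lower()
                           for e in rf.findall("denyUrlSequences/add")],
        "denied_qs_seq": [e.get("sequence").lower()
                          for e in rf.findall("denyQueryStringSequences/add")],
        "verbs": {e.get("verb"): e.get("allowed") == "true"
                  for e in rf.findall("verbs/add")},
        "verbs_allow_unlisted": verbs is None
                                or verbs.get("allowUnlisted", "true") == "true",
        "max_url": int(limits.get("maxUrl", 4096)),
        "max_qs": int(limits.get("maxQueryString", 2048)),
    }


def check_request(rules, verb, url):
    """Return None if the request passes, else (sub_status, reason)."""
    parts = urlsplit(url)
    path, query = parts.path, parts.query
    # A listed verb uses its own allowed flag; an unlisted one uses allowUnlisted.
    if not rules["verbs"].get(verb, rules["verbs_allow_unlisted"]):
        return ("404.6", "verb denied: " + verb)
    if len(path) > rules["max_url"]:
        return ("404.14", "URL too long")
    if len(query) > rules["max_qs"]:
        return ("404.15", "query string too long")
    for seq in rules["denied_url_seq"]:
        if seq in path.lower():
            return ("404.5", "denied URL sequence: " + seq)
    ext = posixpath.splitext(path)[1].lower()
    if ext in rules["denied_ext"]:
        return ("404.7", "file extension denied: " + ext)
    for seq in rules["denied_qs_seq"]:
        if seq in query.lower():
            return ("404.18", "query string sequence denied: " + seq)
    return None


if __name__ == "__main__":
    rules = load_rules(WEB_CONFIG)
    for verb, url in [("GET", "/products/123"), ("GET", "/backup/site.bak"),
                      ("TRACE", "/"), ("GET", "/images/../web.txt"),
                      ("GET", "/search?q=x&debug=1")]:
        print(verb, url, "->", check_request(rules, verb, url) or "allowed")
```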

28. What is the purpose of the IUSR account?

Answer: The IUSR account is a built-in Windows account used by IIS as the default identity for Anonymous Authentication. When a user accesses public content without providing credentials, the request is processed under the security context of the IUSR account. Permissions for website content need to be granted to this account (or the specific Application Pool Identity if that’s used for anonymous access).

29. How can you restrict access to a website based on IP address?

Answer: Use the IP Address and Domain Restrictions feature in IIS Manager. You can configure rules to either ‘Allow’ access only from specific IP addresses or ranges (implicitly denying all others) or to ‘Deny’ access from specific malicious IP addresses or ranges (implicitly allowing all others). This can be configured at the server, site, or application level.

Performance & Scalability

30. How can IIS improve performance using Caching? Mention different types.

Answer: Caching stores frequently accessed content closer to the user or in faster memory, reducing server load and response times. IIS utilizes caching in several ways:

  • Kernel Mode Cache (HTTP.sys Cache): HTTP.sys can cache responses entirely in kernel mode. Subsequent requests for the same resource can be served directly from this cache without transitioning to user mode, offering significant performance gains for static files or dynamically generated responses marked as cacheable.
  • IIS Output Caching (User Mode): This feature caches dynamically generated responses (like those from ASP.NET pages) in user mode memory within the worker process. It can cache based on URL, headers, or query string parameters. Configured through the ‘Output Caching’ feature in IIS Manager or web.config.
  • ASP.NET Output Caching: Developers can implement finer-grained caching within their ASP.NET applications using directives (<%@ OutputCache %>) or APIs to cache entire pages or parts of pages (fragment caching).

31. What is Compression in IIS and why use it?

Answer: Compression (typically Gzip or Brotli) reduces the size of response data (like HTML, CSS, JavaScript files) sent from the server to the client’s browser. This decreases bandwidth usage and speeds up download times, especially for users on slower connections. IIS can be configured to compress static files (pre-compressing them and storing them) and dynamic content (compressing on-the-fly as responses are generated). It’s configured via the ‘Compression’ feature in IIS Manager.

32. What is a Web Farm? How does it differ from a Web Garden?

Answer:

  • Web Farm: A group of multiple physical or virtual servers, each running an instance of the same website/application, working together behind a load balancer. The load balancer distributes incoming client requests across the servers in the farm. This provides high availability (if one server fails, others take over) and scalability (capacity can be increased by adding more servers).
  • Web Garden: An application pool configured with multiple worker processes on a single server.
  • Difference: A web farm involves multiple servers for scalability and redundancy, managed by an external load balancer. A web garden involves multiple processes on one server, primarily for utilizing multi-core CPUs or handling blocking calls on that single machine, and doesn’t provide server-level redundancy.

33. What is Application Request Routing (ARR)?

Answer: Application Request Routing (ARR) is an IIS extension that enhances IIS capabilities, turning it into a powerful load balancer, reverse proxy, and caching proxy. Key uses include:

  • Load Balancing: Distributing requests across multiple backend web servers in a web farm based on various algorithms (round robin, least connections, etc.).
  • Reverse Proxy: Acting as an intermediary that forwards client requests to backend servers, hiding the backend infrastructure and potentially handling SSL offloading or URL rewriting.
  • Health Checking: Monitoring the health of backend servers and routing traffic away from unresponsive ones.
  • Disk Caching: Caching content retrieved from backend servers to serve subsequent requests faster.

34. Explain the concept of Load Balancing in the context of IIS.

Answer: Load balancing distributes incoming network traffic across multiple servers (a web farm) hosting the same application content. This prevents any single server from becoming overwhelmed, improving overall performance, responsiveness, and availability. Load balancers can be hardware appliances (like F5 BIG-IP) or software-based (like IIS ARR, HAProxy, Nginx). They use algorithms (e.g., Round Robin, Least Connections, IP Hash) to decide which backend server should handle each incoming request and often perform health checks to ensure requests are only sent to healthy servers.

35. How can you tune IIS performance regarding connection limits and queue lengths?

Answer: Several settings affect connection handling:

  • Maximum Concurrent Connections (Site Level): In a site’s Advanced Settings > Limits, this defines the maximum number of simultaneous connections IIS allows for that site. The default is typically very high (effectively unlimited). Lowering it might prevent resource exhaustion but could also reject legitimate users under heavy load.
  • Application Pool Queue Length (App Pool Level): In an Application Pool’s Advanced Settings > General, this determines how many requests HTTP.sys will queue for the pool if all worker process threads are busy. If the queue fills, new requests typically receive a 503 Service Unavailable error. Increasing it might handle bursts better but can mask underlying performance issues and increase latency if requests wait too long in the queue.
  • MaxConcurrentRequestsPerCPU (ASP.NET Setting): In aspnet.config or machine.config, this (for .NET 4.x+) limits the number of concurrent ASP.NET requests per CPU core. Tuning this requires careful testing based on application behavior (CPU-bound vs. I/O-bound).
  • Tuning these requires monitoring performance counters (like ASP.NET\Requests Queued, HTTP Service Request Queues\CurrentQueueSize, Process\Thread Count) under load to find optimal values.

Troubleshooting & Logging

36. Where are IIS log files typically located? What information do they contain?

Answer: By default, IIS log files (using the W3C Extended Log File Format) are located in %SystemDrive%\inetpub\logs\LogFiles\W3SVC#, where # is the unique ID of the website (e.g., W3SVC1 for the Default Web Site). They contain detailed records of each request processed by IIS, including: date, time, client IP address, user name (if authenticated), requested URL (URI Stem & Query), HTTP method (GET/POST), HTTP status code (200, 404, 500, etc.), time taken, bytes sent/received, user agent, referrer, and more depending on the configured fields.

37. How would you troubleshoot an HTTP 500 Internal Server Error in an IIS-hosted application?

Answer:

  • Check Event Viewer: Look in the Windows Event Viewer (Application Log and System Log) for detailed error messages related to ASP.NET, WAS, or the application itself. ASP.NET often logs detailed stack traces here.
  • Enable Detailed Errors: Temporarily enable detailed error messages to be sent to the client (either for remote requests via web.config’s <httpErrors errorMode="Detailed"> setting or by browsing locally on the server). This often shows the exact error message and stack trace in the browser. Disable this in production afterwards for security.
  • Review IIS Logs: Check the IIS logs for the specific request to see the exact sub-status code (e.g., 500.19 indicates a configuration error, 500.0 might be application code).
  • Check Application Logs: Review any custom logging implemented within the application itself.
  • Check Configuration: If the sub-status is 500.19, validate web.config and applicationHost.config for syntax errors or invalid configuration sections. Ensure required IIS modules are installed.
  • Permissions: Verify the Application Pool identity has the necessary permissions to access files, folders, or other resources the application needs.
  • Debugging: Attach a debugger (like Visual Studio’s remote debugger) to the w3wp.exe process to step through the code if the error originates within the application logic.
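
An added example (not from the original page) covering the log format from question 36 and the sub-status check from question 37: a Python parser for W3C Extended logs that follows the #Fields directive, including a field list that changes mid-file, and groups 5xx responses by status.sub-status and URL. The log lines are constructed sample data, and the 5000 ms slow-request threshold is an arbitrary illustration value.

```python
from collections import Counter

# Constructed W3C Extended log (sample data). The field list changes mid-file,
# as happens when logging fields are reconfigured, and one line is truncated.
SAMPLE_LOG = r"""#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Date: 2024-01-15 09:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2024-01-15 09:00:01 10.0.0.5 GET /default.aspx - 443 - 203.0.113.10 Mozilla/5.0+(sample) 200 0 0 31
2024-01-15 09:00:02 10.0.0.5 GET /reports/list.aspx year=2024 443 CORP\alice 203.0.113.11 Mozilla/5.0+(sample) 500 19 13 4
2024-01-15 09:00:09 10.0.0.5 GET /reports/list.aspx year=2023 443 CORP\alice 203.0.113.11 Mozilla/5.0+(sample) 500 19 13 3
2024-01-15 09:01:00 10.0.0.5 GET /old.html - 443 - 203.0.113.12 Mozilla/5.0+(sample) 404 0 2 2
2024-01-15 09:01:05 10.0.0.5 GET /truncated
#Date: 2024-01-15 10:30:00
#Fields: date time cs-method cs-uri-stem sc-status sc-substatus time-taken
2024-01-15 10:30:00 POST /api/orders 500 0 5120
2024-01-15 10:30:04 GET /default.aspx 200 0 15
"""


def parse_w3c(lines):
    """Yield one dict per request, keyed by the most recent #Fields directive."""
    fields = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed entry: skip rather than misalign
        # "-" marks an empty field in this format.
        yield {k: (None if v == "-" else v) for k, v in zip(fields, values)}


def server_errors(records):
    """Count 5xx responses by ('status.substatus', URI stem)."""
    counts = Counter()
    for rec in records:
        status = rec.get("sc-status")
        if status and status.startswith("5"):
            code = status + "." + (rec.get("sc-substatus") or "0")
            counts[(code, rec.get("cs-uri-stem"))] += 1
    return counts


def slow_requests(records, threshold_ms):
    """Return (URI stem, time-taken) for requests at or above the threshold."""
    slow = []
    for rec in records:
        taken = rec.get("time-taken")
        if taken is not None and int(taken) >= threshold_ms:
            slow.append((rec.get("cs-uri-stem"), int(taken)))
    return slow


if __name__ == "__main__":
    records = list(parse_w3c(SAMPLE_LOG.splitlines()))
    for (code, uri), n in server_errors(records).most_common():
        print(code, uri, n)
    print(slow_requests(records, 5000))
```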

38. What commonly causes an HTTP 503 Service Unavailable error in IIS?

Answer: Common causes include:

  • Application Pool Stopped: The application pool hosting the site is explicitly stopped or disabled in IIS Manager.
  • Application Pool Crashing: The worker process (w3wp.exe) is repeatedly crashing due to application errors, and rapid-fail protection might have stopped the pool. Check Event Viewer for crash details.
  • Application Pool Identity Issue: The configured identity for the application pool has an expired password, is locked out, or lacks necessary permissions (e.g., logon rights).
  • Resource Exhaustion: The server is overloaded (CPU, Memory), or the application pool queue length (Queue Length setting) has been exceeded because the application cannot process requests fast enough.
  • Configuration Errors During Startup: Errors in applicationHost.config or related files prevent WAS from starting the worker process correctly.
  • Port Conflict: Another service might be trying to use the same port IIS is configured for (less common for 503, often prevents site startup).
  • URL ACL Issues: (Less common) Problems with HTTP.sys URL reservations (netsh http show urlacl).

39. What is the iisreset command? When should/shouldn’t you use it?

Answer: iisreset is a command-line utility that stops and then restarts all IIS-related services (including W3SVC, WAS, and potentially others like FTP).

  • When to Use: It’s often used as a quick way to try and resolve widespread IIS issues or apply certain deep system-level changes affecting IIS. It can sometimes clear hung processes or states.
  • When NOT to Use (Generally): It’s a very heavy-handed approach. It stops all websites and application pools, causing downtime for every application hosted on the server, not just the one potentially having issues. It doesn’t provide granular control. Recycling a specific Application Pool via IIS Manager or AppCmd.exe is usually the preferred first step for application-specific issues as it only affects that pool and allows for overlapped recycling to minimize downtime. iisreset should typically be a last resort for troubleshooting.

40. How can you identify which w3wp.exe process corresponds to which Application Pool?

Answer: Use the AppCmd.exe command-line tool. Run the command:

%windir%\system32\inetsrv\appcmd list wp

This command lists all currently running worker processes (wp), showing their Process ID (PID) and the name of the Application Pool they belong to. You can then use the PID in tools like Task Manager or Performance Monitor. Alternatively, the iisapp.vbs script (older method) or Task Manager (by adding the ‘Command Line’ column which shows the app pool ID) can also be used.

41. What is Failed Request Tracing (FRT or FREB)?

Answer: Failed Request Tracing (also known as FREB – Failed Request Event Buffering) is a powerful diagnostic feature in IIS 7+. It allows you to capture detailed trace logs for requests that meet specific failure criteria (e.g., requests taking too long, requests resulting in specific HTTP status codes like 401, 404, 500). The trace logs provide a step-by-step view of how IIS and integrated modules processed the request, including timestamps, module events, status code changes, and relevant configuration details, making it invaluable for diagnosing complex errors. It’s configured per-site under the ‘Failed Request Tracing Rules’ feature.

42. How can you remotely debug an application running on IIS?

Answer: Remote debugging allows developers to attach a debugger (like the one in Visual Studio) to the w3wp.exe process running on the IIS server from their development machine. The primary tool for this is the Visual Studio Remote Debugger (msvsmon.exe).

  • Install the correct version of msvsmon.exe on the IIS server.
  • Run msvsmon.exe as an administrator on the server. Configure its options (e.g., Authentication mode – Windows or No Authentication, port). Ensure firewall rules allow communication on the chosen port.
  • In Visual Studio on the development machine, go to Debug > Attach to Process.
  • Set the ‘Transport’ to ‘Remote (no authentication)’ or ‘Remote (Windows Authentication)’ depending on the msvsmon configuration.
  • Enter the ‘Qualifier’ as <ServerName>:<Port> (e.g., MyWebServer:4026).
  • Select the target w3wp.exe process (use appcmd list wp on the server to identify the correct PID if needed).
  • Click ‘Attach’. Now you can set breakpoints and debug the application running on the remote IIS server.

Advanced Concepts

43. What is the IIS URL Rewrite Module? Give common use cases.

Answer: The URL Rewrite module is a powerful IIS extension that allows administrators and developers to modify request URLs based on defined rules before they are processed by the web server. Common uses include:

  • Creating User-Friendly/SEO-Friendly URLs: Rewriting URLs like product.aspx?id=123 to /products/123.
  • Enforcing Canonical Hostnames: Redirecting example.com to www.example.com.
  • Forcing HTTPS: Redirecting HTTP requests to HTTPS.
  • Blocking Requests: Blocking access based on patterns in the URL, user agent, or IP address.
  • Reverse Proxy: Acting as a frontend to rewrite and forward requests to backend servers (often used in conjunction with ARR).
  • Handling Moved Content: Redirecting old URLs to new locations (301 redirects).

44. How does URL Rewrite differ from a Reverse Proxy (like ARR)?

Answer: While URL Rewrite can be used to implement a reverse proxy, they are conceptually different:

  • URL Rewrite: Focuses on manipulating the URL requested by the client. It can change the path, query string, or hostname before IIS determines how to handle the request internally (e.g., mapping it to a file or another handler). It can also issue redirects back to the client.
  • Reverse Proxy (using ARR & URL Rewrite): Focuses on forwarding the client’s request (potentially after rewriting the URL) to a different, backend server. It acts as an intermediary, receiving the request from the client and making a new request to the backend server on the client’s behalf. The client only ever communicates directly with the reverse proxy server. ARR adds capabilities like load balancing, health checking, and affinity specifically for this proxying scenario.

45. What are IIS Modules? How do Native and Managed modules differ?

Answer: IIS Modules are individual components that perform specific tasks during the request processing pipeline. IIS 7+ has a modular architecture where features are implemented as modules.

  • Native Modules: Written in C/C++ and have direct access to the core IIS pipeline APIs. They typically handle core functions like authentication (Windows Auth, Basic Auth), compression, request filtering, static file handling, and logging. They run directly within the worker process.
  • Managed Modules: Written using .NET (C#, VB.NET) and run within the .NET CLR hosted by the worker process. They hook into the integrated pipeline stages. Examples include ASP.NET modules for Forms Authentication, Session State, Output Caching, and custom application-specific logic. Managed modules can handle events for all types of requests in Integrated mode.

46. What are ISAPI Filters and ISAPI Extensions? (Primarily IIS 6 and Classic Mode)

Answer: These were the primary extensibility mechanisms before the integrated pipeline and modules of IIS 7+.

  • ISAPI Filters: DLL files that could examine and modify every incoming request and outgoing response handled by IIS. They were used for tasks like custom authentication, compression, logging, or URL rewriting. They registered for specific event notifications (e.g., reading raw data, pre-processing headers).
  • ISAPI Extensions: DLL files designed to handle requests for specific file types (e.g., .aspx was handled by aspnet_isapi.dll). They acted as the core processing engine for dynamic content frameworks like classic ASP and early ASP.NET. IIS invoked the extension when a request matched its registered file type.

47. What is the IIS Metabase (IIS 6.0 and earlier)? How does it compare to the IIS 7+ configuration system?

Answer: The IIS Metabase was the primary configuration store for IIS 6.0 and earlier versions. It was a hierarchical, proprietary binary database (typically MetaBase.bin located in %windir%\system32\inetsrv) that stored all IIS settings.

Comparison:

  • Format: Metabase was binary; IIS 7+ uses human-readable XML (applicationHost.config, web.config).
  • Editing: Metabase required specific APIs (Admin Base Objects – ABO) or tools like adsutil.vbs or IIS Manager; IIS 7+ config can be edited with text editors (though care is needed) or managed via IIS Manager, AppCmd, PowerShell, or Managed APIs.
  • Delegation: Metabase had limited delegation capabilities; IIS 7+ has a robust, hierarchical delegation model allowing specific settings to be controlled at site/application levels via web.config.
  • Extensibility: Easier to extend the configuration schema in IIS 7+.
  • Backup/Restore: XML files are generally easier to back up, restore, and version control.

48. Explain HTTP Strict Transport Security (HSTS) and how it relates to IIS.

Answer: HSTS (HTTP Strict Transport Security) is a web security policy mechanism. When a website enables HSTS, it tells browsers (via an HTTP response header Strict-Transport-Security) that they should only interact with the site using HTTPS, never HTTP. The browser then automatically converts any future HTTP requests to HTTPS requests before sending them. This helps prevent protocol downgrade attacks and cookie hijacking. In IIS, HSTS is configured by adding the Strict-Transport-Security custom HTTP response header (e.g., Strict-Transport-Security: max-age=31536000; includeSubDomains) via the ‘HTTP Response Headers’ feature in IIS Manager or web.config.
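The "Forcing HTTPS" use case from question 43 and the HSTS header from this answer, combined in one web.config. This is an added example, not configuration from the original page; it assumes the URL Rewrite module is installed, and the rule names are illustrative.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Redirect every plain-HTTP request to the same host and path over HTTPS.
             The query string is preserved by default. -->
        <rule name="Force HTTPS" stopProcessing="true">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTPS}" pattern="^OFF$" ignoreCase="true" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
        </rule>
      </rules>
      <outboundRules>
        <!-- Set Strict-Transport-Security only on responses served over HTTPS.
             A static entry under httpProtocol/customHeaders would also attach the
             header to plain-HTTP responses, where RFC 6797 says it must not be sent
             and where browsers ignore it. Use one mechanism, not both. -->
        <rule name="Add HSTS on HTTPS" enabled="true">
          <match serverVariable="RESPONSE_Strict_Transport_Security" pattern=".*" />
          <conditions>
            <add input="{HTTPS}" pattern="^ON$" ignoreCase="true" />
          </conditions>
          <action type="Rewrite" value="max-age=31536000; includeSubDomains" />
        </rule>
      </outboundRules>
    </rewrite>
  </system.webServer>
</configuration>
```

Because includeSubDomains applies the policy to every subdomain, confirm that all of them serve HTTPS before deploying this header with a long max-age.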

49. What is Server Name Indication (SNI) and why is it important for HTTPS hosting?

Answer: SNI (Server Name Indication) is an extension to the TLS protocol. It allows the client (browser) to indicate which hostname it is trying to connect to at the very beginning of the TLS handshake process. This is crucial for hosting multiple HTTPS websites, each with its own SSL certificate, on a single IP address and port (443). Without SNI, the server wouldn’t know which site the client was trying to reach before the encrypted connection was established, making it impossible to present the correct certificate. SNI allows the server to inspect the requested hostname and select the appropriate certificate, enabling efficient multi-tenant HTTPS hosting on shared IPs. IIS has supported SNI since IIS 8.0 (Windows Server 2012).

50. What are some key performance counters to monitor for IIS health and performance?

Answer: Key counters include:

  • Web Service Cache\File Cache Hits %: High percentage indicates effective static file caching.
  • HTTP Service Request Queues\CurrentQueueSize: Monitor queues for specific application pools. A consistently growing queue indicates the application can’t keep up. (Monitor ASP.NET\Requests Queued for the ASP.NET-specific queue.)
  • Process(w3wp)\% Processor Time: CPU usage per worker process. High usage might indicate inefficient code or need for scaling.
  • Process(w3wp)\Private Bytes: Memory usage per worker process. Monitor for memory leaks (steadily increasing usage that doesn’t decrease).
  • Process(w3wp)\Thread Count: Number of threads used by the worker process.
  • .NET CLR Memory(w3wp)\% Time in GC: High percentage indicates excessive time spent in Garbage Collection, potentially due to memory pressure.
  • ASP.NET Applications\Requests/Sec: Throughput of ASP.NET requests.
  • ASP.NET\Request Wait Time: Average time requests spend waiting in the queue.
  • Network Interface\Bytes Total/sec: Overall network traffic on the server NIC.
