Backing up and restoring IIS 7.0 shared configuration

I blogged a long time back about using AppCmd to back up and restore IIS 7.0 server configuration.

 

Bill also just posted about backing up and restoring configuration, where he does a great job of telling you why you need to make backups and the options you got between manual AppCmd backups and leveraging automatic Configuration History service backups.

 

This reminded me of a question I often get about backing up and restoring configuration when IIS 7.0 is being used in the Shared Configuration mode.  In this mode, the applicationHost.config file is stored on a UNC share to allow multiple IIS 7.0 servers to share a single configuration file.

 

Let me answer this question by way of illustrating what happens when you run "AppCmd Add Backup" when the IIS 7.0 server is using local configuration (default), vs shared configuration.

 

In the local configuration case, the tool will back-up the following files in the %windir%\system32\inetsrv directory:

  1. config\applicationHost.config
  2. config\administration.config
  3. config\redirection.config
  4. config\metabase.xml
  5. config\mbschema.xml
  6. All custom schema files under the config\schema directory


In the shared configuration case, the tool does the same thing.

 

So, what’s my point? It’s simply that AppCmd backup commands always work with backups of the local server configuration.

 

This means that in the shared configuration case, the tool WILL NOT back up or restore the configuration located on the UNC share. However, it will back up and restore the local redirection.config file, which contains the details about where the shared configuration file is located.

 

So, if you were using local configuration at the time of backup, then moved to shared configuration, and then restored the backup, you’ll be back to your local configuration. If you were using shared configuration at the time of backup, then moved to local, then restored, you’d be back to using shared configuration (whatever it may be at this time), and your local applicationHost.config will be reset to the one saved at time of backup.

 

There is a specific reason for this design.  Imagine this scenario – you have a web farm with multiple servers using a single shared configuration file.  At some point, someone starts having trouble with one of the servers, and restores a prior configuration backup – all of a sudden, all other servers are falling over because their configuration has been reset to a configuration state that is local to the one server. Besides the fact that this could be unexpected and undesired, it could also cause all kinds of serious issues, including encryption key mismatches and configuration for features that are not installed on other web farm servers.

 

In addition to this, be aware that the Configuration History service will not back up configuration when in shared configuration mode.

 

So, moral of the story is, when using shared configuration, it is your responsibility to manage the backups of the shared configuration files.

 

With that in mind:

 

* DO perform manual backups with AppCmd (or use scheduled tasks, etc) to back up the local state even when using shared configuration. This way, you can restore the redirection.config details later if needed.

* DO perform manual backups of the shared configuration each time you make changes (or on a regular schedule), and perform manual copy of those files to the share to restore the web farm’s configuration.

* DO NOT expect to restore the web farm’s configuration by using AppCmd restore backup commands.

 

You can still depend on the local backup facilities to restore your server to its original local state, or restore the shared configuration settings as needed.

 

The only caveat to this is that if you are directly sharing configuration of one of the servers to other servers (so it’s effectively local for the “master” server), then backup/restore operations on that server will affect the entire web farm. However, I do not generally recommend doing this has its own set of limitations out of the scope of this post.

 

Hopefully this clarifies things a bit.

 

Thanks,

 

Mike

 

 

Share this post: email it! | bookmark it! | digg it! | reddit! | kick it! | live it!
Published 25 March 08 02:41 by Mike Volodarsky
Filed under: ,

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Comments

# MVolo's Blog said on April 1, 2008 1:54 PM:

Bill's recent post reminded me of a question I often get about backing up and restoring configuration

# Chris J. said on April 6, 2008 11:25 PM:
Thanks for this post. Can you say at least something about the caveat/limitations you mention in the last paragraph? Just a ballpark of what they are. Also, do you have any recommendations to handle the failure of the master server in a shared configuration setting -- so that using shared configuration doesn't result in a single point of failure?
# Turkey said on July 31, 2008 2:37 AM:
Thanx You.. Perfect Docs
# Balássy György (MSDNKK) said on March 27, 2009 5:04 AM:

Az IIS 7 egyik legfontosabb architekturális újdonsága, hogy a webkiszolgáló beállításai XML formátumú

# Homer_J said on June 12, 2009 3:05 PM:
In IIS6, if you didn't backup the metabase with a password it wouldn't let you restore it to a different server (since the encryption keys wouldnt match). Is this an issue with IIS7 or shared configuration you talk about?
# MaxASPSteve said on April 25, 2010 1:07 PM:
I have a question: I ran appcmd add backup "redirect" on an IIS7.5 machine with shared config enabled, and in the backup folder there are copies of all the config files (administration.config, applicationhost.config, and redirection.config). In your post, you indicate that appcmd backups when on shared config will only backup the redirection.config file. Since my environment settings are not likely to change (with respect to configuration storage, backup, and restore), I only see reason to have one copy of this file. However, what I am concerned about is that running appcmd restore backup "redirect" will also restore the other configuration files in that folder (I am positive it will), and that copy will be much older than any backups I have made of the UNC shared config location (or the configHistory backup set). I suppose a better strategy would be to restore the good admin and apphost.config's, then copy the redirect file from the backup into C:\Windows\System32\inetsrv\config? I haven't found a way to specify individual file restores (such as only restore apphost) using appcmd.
# MaxASPSteve said on April 25, 2010 1:10 PM:
Also I noticed that the configHistory does work on shared config, you also indicate here that it won't. Is that a change in 7.5?
# IIS said on August 6, 2010 8:18 AM:

Áttekintés Az IIS 7 egyik legfontosabb architekturális újdonsága, hogy a webkiszolgáló beállításai XML

# IIS said on August 9, 2010 6:36 AM:
Áttekintés Az IIS 7 egyik legfontosabb architekturális újdonsága, hogy a webkiszolgáló beállításai XML
# IIS said on August 9, 2010 6:55 AM:
Áttekintés Az IIS 7 egyik legfontosabb architekturális újdonsága, hogy a webkiszolgáló beállításai XML
# IIS said on September 16, 2010 8:15 AM:

Áttekintés Az IIS 7 egyik legfontosabb architekturális újdonsága, hogy a webkiszolgáló beállításai XML

# said on April 29, 2011 4:47 AM:

Chaussures Nike Sale: http://www.maxpascher.com

Leave a Comment

(required) 
(optional)
(required) 
Enter the code you see below


About Mike Volodarsky

For the past 5 years, I was the core Program Manager for Microsoft ASP.NET 2.0 and IIS 7.0 products. I drove the design and development of the IIS 7.0 web server core, the IIS FastCGI support, the AppCmd command line tool, the ASP.NET Integrated pipeline, and other special projects around server security, performance, and scalability. Now, I am working on my own on cutting edge web server tech on top of the Microsoft IIS platform, and continue blogging about it here.

About me



Until 2008, I was the core server Program Manager for the IIS 7.0 and ASP.NET 2.0 products at Microsoft.


View Michael Volodarsky's profile on LinkedIn


This is my company. We build expert performance and scalability tech for web applications on the Windows Server stack.
LeanServer Sentinel: Explore and instantly diagnose your production ASP.NET applications Sentinel beta starts on August 3rd! Register now!


Writings



TechNet Magazine
>Top 10 Performance Improvements in IIS 7.0

MSDN Magazine
>IIS 7.0: Build Web Server Solutions with End-To-End Extensibility
>IIS 7.0: Enhance Your Apps with the Integrated ASP.NET Pipeline
>IIS 7.0: Explore The Web Server For Windows Vista And Beyond
>Design and Deploy Secure Web Apps with ASP.NET 2.0 and IIS 6.0
>Fast, Scalable, and Secure Session State Management for Your Web Applications


Tools and Modules

LeechGuard
IconHandler 2.0
DirectoryListing
HttpRedirection
IIS Auth for Wordpress
iisschema.exe
PortCheck.exe v2.0

Popular Posts

- ASP.NET 2.0 Breaking Changes on IIS 7.0
- Develop IIS7 modules and handlers with .NET
- Troubleshoot IIS7 errors like a pro
- Troubleshooting 503 / "service unavailable" errors
- Troubleshooting "server not found" errors
- Create IIS7 sites, applications, and virtual directories
- Run Ruby on Rails with IIS FastCGI
- VS Debugging of ASP.NET applications on Windows Vista
- Stop hot-linking with IIS and ASP.NET

Tags

Search

Go

This Blog

Archives

Good IIS Blogs

Disclaimer

These postings are provided as is with no warranties, and confer no rights. The views expressed in this blog are entirely my own.

Syndication