How to perform an upgrade from Windows Server 2008 to Windows Server 2012, which is used in shared hosting with Atomia. Shared configuration for IIS between versions 7.5 and 8.5 is not quite compatible, but we try to make it as painless as possible. Here we go!
How IIS clusters work with Atomia
Atomia uses shared configuration for IIS nodes, usually located at: \\storage\webshare\configuration\iis. For access to the shared config file domain\domain_user is used.
The web content is located at: \\storage\webshare\content. When a website is created all configurations are saved in \\storage\webshare\configuration\iis\applicationHost.config and administration.config. The website is available on all IIS nodes.
For communication with IIS clusters (e.g. when adding new websites, deleting, or modifying) Atomia uses a resource description file (http://learn.atomia.com/manuals/atomia-automation-server/configuration/resource-description/) on the provisioning server:
C:\Program Files (x86)\Atomia\AutomationServer\Common\Resources.xml
... <resourceList> <resource name="IISServersCluster"> <property name="IPAddress">10.133.9.68</property> <property name="ClusterIpAddress">81.236.59.231</property> </resource> </resourceList> ...
Upgrading from Windows Server 2008 to Windows Server 2012
The safest way to do migration is by exporting the websites and application pools as xml documents and import these on the new node. Once you have completed the whole process (see steps below) you will need to export the configurations: applicationHost.config, administration.config, and configEncKey.key. Put these these files on a centralized storage, \\storage\webshare\configuration\iis, and import this config from the storage for every new node.
- Install the new server (Windows 2012).
- Join it to your domain.
- Ensure that all IIS features are enabled:
Dism /online /Enable-Feature /FeatureName:NetFx3 /all Dism /online /Enable-Feature /FeatureName:IIS-WebServerRole Dism /online /Enable-Feature /FeatureName:IIS-WebServer Dism /online /Enable-Feature /FeatureName:IIS-CommonHttpFeatures Dism /online /Enable-Feature /FeatureName:IIS-Security Dism /online /Enable-Feature /FeatureName:IIS-RequestFiltering Dism /online /Enable-Feature /FeatureName:IIS-StaticContent Dism /online /Enable-Feature /FeatureName:IIS-DefaultDocument Dism /online /Enable-Feature /FeatureName:IIS-ApplicationDevelopment Dism /online /Enable-Feature /FeatureName:IIS-NetFxExtensibility /all Dism /online /Enable-Feature /FeatureName:IIS-ISAPIExtensions Dism /online /Enable-Feature /FeatureName:IIS-ASP Dism /online /Enable-Feature /FeatureName:IIS-ISAPIFilter Dism /online /Enable-Feature /FeatureName:IIS-ASPNET /all Dism /online /Enable-Feature /FeatureName:IIS-CGI Dism /online /Enable-Feature /FeatureName:IIS-ServerSideIncludes Dism /online /Enable-Feature /FeatureName:IIS-CustomLogging Dism /online /Enable-Feature /FeatureName:IIS-BasicAuthentication Dism /online /Enable-Feature /FeatureName:IIS-WebServerManagementTools Dism /online /Enable-Feature /FeatureName:IIS-ManagementConsole
- Create a backup on a new node:
%windir%\system32\inetsrv\appcmd add backup DefaultState
- Export the application pools and the website from the old configuration:
%windir%\system32\inetsrv\appcmd list apppool /config /xml > c:\apppools.xml %windir%\system32\inetsrv\appcmd list site /config /xml > c:\sites.xml
- The above step will export all the application pools and websites on your web server. Therefore, you need to edit apppools.xml and sites.xml and remove the applications that you do not need to import. For example:
- AppPools:
* DefaultAppPool
* Classic .NET AppPool
* SecurityTokenServiceApplicationPool - Websites:
* Default Website
- AppPools:
- Import the websites and application pools on the new node:
%windir%\system32\inetsrv\appcmd add apppool /in < c:\apppools.xml %windir%\system32\inetsrv\appcmd add site /in < c:\sites.xml iisreset
- Unlock the modules and handlers by issuing the following:
%windir%\system32\inetsrv\appcmd unlock config /section:system.webserver/modules %windir%\system32\inetsrv\appcmd unlock config /section:system.webserver/handlers
- Set up the registry and the firewall.
- Create the directory c:\install.
- Pull exe files from here.
- Put them inside c:\install.
- Execute the following:
%windir%\system32\inetsrv\appcmd set config -section:system.applicationHost/log /centralLogFileMode:"CentralW3C" /centralW3CLogFile.period:"Hourly" /centralW3CLogFile.logExtFileFlags:"Date, Time, ClientIP, UserName, SiteName, Method, UriStem, UriQuery, HttpStatus, BytesSent, UserAgent, Referer, ProtocolVersion, Host" /commit:apphost set-webconfigurationproperty /system.webServer/security/authentication/anonymousAuthentication -name userName -value "" cmd /C c:\install\RegistryUnlocker.exe u "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{9fa5c497-f46d-447f-8011-05d03d7d7ddc}" cmd /C REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{9fa5c497-f46d-447f-8011-05d03d7d7ddc}" /v RunAs /d "$domain\$domain_admin" /t REG_SZ /f cmd /C REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{9fa5c497-f46d-447f-8011-05d03d7d7ddc}" /v EndPoints /d "ncacn_ip_tcp,0,22000" /t REG_MULTI_SZ /f cmd /C c:\install\LsaStorePrivateData set "SCM:{9fa5c497-f46d-447f-8011-05d03d7d7ddc}" "$appadminUserPassword" cmd /C c:\install\RegistryUnlocker.exe l "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{9fa5c497-f46d-447f-8011-05d03d7d7ddc}"keys netsh advfirewall firewall add rule name="RPC Mapper" dir=in action=allow profile=domain remoteip=localsubnet protocol=tcp localport=135 service=RpcSs netsh advfirewall firewall add rule name="AHADMIN Fixed Endpoint" dir=in action=allow profile=domain remoteip=localsubnet protocol=tcp localport=22000 program=%windir%\system32\dllhost.exe iisreset
- Note the following lines:
-
- line #4: change $domain\$domain_admin
- line #6: change $appadminUserPassword
- Update the resource description file on the provisioning server:
C:\Program Files (x86)\Atomia\AutomationServer\Common\Resources.xml... <resourceList> <resource name="IISServersCluster"> <property name="IPAddress">10.133.9.68</property> (old IP - remove this property-line) <property name="IPAddress">10.133.9.69</property> (add this property-line) <property name="ClusterIpAddress">81.236.49.251</property> </resource> </resourceList> ...
- Stop the service Atomia Automation Provisioning Engine service:
iisreset
- Start the service Atomia Automation Provisioning Engine service.
- Configure the Load Balancers with the new node.
- Test the functionality.