I installed the freely available Microsoft Virtual Server 2005 R2 SP1 Enterprise Edition on my Windows Vista machine today and noticed that the setup did not let me add the Administration Web Site for Virtual Server on a different web site than the default web site. Instead the only option was to have it added as a virtual directory to the default web site running on port 80. However, I expose the default web site to the outside world (as a matter of fact I run this blog off that machine), so I did not want to have the virtual directory for my Virtual Server exposed to the outside world as well. Since I couldn't find anything on Ben Armstrong's blog about this I decided to share my findings here.
So what does it take to configure IIS7 on Windows Vista to have the Virtual Server Administration Web Site in a separate web site and a different port? Follow these simple steps:
- First of all, make sure you are running one of the supported editions of Windows Vista. Basically the Starter and Home editions don't even let you install IIS7, and Home Premium does not support Windows Authentication, so only the Business, Enterprise, and Ultimate editions have the required features.
- Before installing Virtual Server, you need to enable the right options for IIS7 in Control Panel -> Programs and Features -> Turn Windows Features on or off. See this post on Ben Armstrong's blog for details on which options need to be installed.
- Execute the Virtual Server installer.
- Open the Internet Information Services (IIS) Manager from Administrative Tools.
- You will see that a virtual directory called VirtualServer has been added underneath your Default Web Site. Right-click on the parent folder of the Default Web Site called Web Sites and select Add Web Site...
- Fill in a name. I used Virtual Server, but you can pick any name you want. You can use the DefaultAppPool with the web site, or you can create a separate app pool if needed. However, since the Virtual Server web site is CGI and not ASP.NET, I believe it does not make much difference either way.
- The Physical Path should point to C:\Program Files\Microsoft Virtual Server\WebSite or whichever directory you installed Virtual Server into. Make sure it points to the WebSite subfolder.
- Pick a port other than 80, so that the web site cannot be accessed from the outside world. If you want to expose the web site to the outside world, you should still pick a port that cannot be easily guessed by a stranger for security purposes. Even if someone guesses the right port the web site will not be completely exposed, since Windows Authentication will require correct credentials to display the web site. By default, the Virtual Server setup will use port 1024 if it creates a separate web site automatically (presumably on a Windows Server 2003 system).
- If you are not exposing the web site to the outside world, simply enter localhost as the Host header, otherwise enter your desired Host header. If you want to access the administration web site from a different computer within your network, make sure to also add a second binding to the actual host name of the machine.
- Leave the Start web site immediately checkbox checked and click Ok.
- Now click on the web site you just created in the web sites tree so that the configuration icons for the web site appear in the IIS management console. You can ignore the ASP.NET configuration settings, since as I said before already this is not an ASP.NET application.
- Open the Authentication configuration settings and disable everything except Windows Authentication.
- In Handler Mappings, make sure CGI-exe is enabled. If it is not enabled, right-click on it and select Edit Handler Permissions, then check all permissions, in my case Execute was unchecked and needed to be checked.
- Open a browser and test your configuration by navigating to http://<hostname>:<port>/. If you entered localhost in step 9 and for example port 1234 in step 8, the address would be http://localhost:1234/. The Virtual Server Administration Web Site should come up successfully.
- You can now remove the virtual directory that was created by the setup from your default web site.
- If you open the web site in your browser and it offers you the CGI application as a download, you did not enable CGI execution on the web site. Make sure you followed steps 2 and 13 above.
- If the administration web site comes up but says "Could not connect to Virtual Server. Access Denied. Please contact Virtual Server administrator to set the required permissions to manage Virtual Server.", then you did not enable Windows Authentication. Make sure you followed steps 1 and 12 above.
- If you get a HTTP 400 Bad Request error in your browser, you probably didn't set up the host header for the web site correctly. Make sure you followed step 9 above.