Manage IIS on a Container with the IIS Admin Console

  • Article

Many legacy apps are based on IIS and ship with documentation which describes deployment and management operations primarily via the IIS Manager. This console is a GUI. Windows Containers do not support any form of GUI, so all ‘local’ operations must be performed via a command line interface. We will demonstrate how to prepare containers for IIS administration via a remote instance of the IIS Manager.

Step by Step

In this step-by-step we will:

  1. create a container based on an image with IIS already installed
  2. add remote IIS admin support to the container
  3. connect to the IIS admin console on the container host to the IIS Admin Service service the container

On the container host:

- Open a PowerShell admin session

- Start interactive container

- With .net 3.5 -

docker run -it --name frame35 cd\-v c:\shared:c:\shared microsoft/dotnet-framework:3.5

- with .net 4.6.2 -

docker run -it --name frame46 -v c:\shared:c:\shared microsoft/dotnet-framework:4.6.2

- or start detached and then attach to container -

docker run --name <name> -d=true -v c:\shared:c:\shared microsoft/windowsservercore:latestdocker attach <name>

Note: To add Active Directory support to any container, add --security-opt "credentialspec=file://<CredentialSpecName>.json" to the docker run command line. See <ref> for more details.

i.e. docker run -it --name frame46 -v c:\shared:c:\shared --security-opt "credentialspec=file://adoncontt1.json" microsoft/dotnet-framework:4.6.2

This will switch the console from container host to container. This is now the 'container console'.

From container console:

Start Admin PowerShell

Powershell

- Install IIS + IIS Management

Install-WindowsFeature -name Web-Server -IncludeManagementTools

- Install IIS Management Service

Dism /online /enable-feature /featurename:IIS-ManagementService /all

- Enable remote access

New-ItemProperty -Path HKLM:\software\microsoft\WebManagement\Server -Name EnableRemoteManagement -Value 1 -Force

--- optional - add any or all of these features ----------------------------

Import-Module DismEnable-WindowsOptionalFeature -Online -FeatureName IIS-WebServerRole Enable-WindowsOptionalFeature -Online -FeatureName IIS-WebServer Enable-WindowsOptionalFeature -Online -FeatureName IIS-CommonHttpFeatures Enable-WindowsOptionalFeature -Online -FeatureName IIS-HttpErrors Enable-WindowsOptionalFeature -Online -FeatureName IIS-HttpRedirect Enable-WindowsOptionalFeature -Online -FeatureName IIS-ApplicationDevelopment Enable-WindowsOptionalFeature -Online -FeatureName IIS-NetFxExtensibility Enable-WindowsOptionalFeature -Online -FeatureName IIS-NetFxExtensibility45 Enable-WindowsOptionalFeature -Online -FeatureName IIS-HealthAndDiagnostics Enable-WindowsOptionalFeature -Online -FeatureName IIS-HttpLogging Enable-WindowsOptionalFeature -Online -FeatureName IIS-LoggingLibraries Enable-WindowsOptionalFeature -Online -FeatureName IIS-RequestMonitor Enable-WindowsOptionalFeature -Online -FeatureName IIS-HttpTracing Enable-WindowsOptionalFeature -Online -FeatureName IIS-Security Enable-WindowsOptionalFeature -Online -FeatureName IIS-URLAuthorization Enable-WindowsOptionalFeature -Online -FeatureName IIS-RequestFiltering Enable-WindowsOptionalFeature -Online -FeatureName IIS-IPSecurity Enable-WindowsOptionalFeature -Online -FeatureName IIS-Performance Enable-WindowsOptionalFeature -Online -FeatureName IIS-HttpCompressionDynamic Enable-WindowsOptionalFeature -Online -FeatureName IIS-WebServerManagementTools Enable-WindowsOptionalFeature -Online -FeatureName IIS-ManagementScriptingTools Enable-WindowsOptionalFeature -Online -FeatureName IIS-IIS6ManagementCompatibility Enable-WindowsOptionalFeature -Online -FeatureName IIS-Metabase Enable-WindowsOptionalFeature -Online -FeatureName IIS-HostableWebCore Enable-WindowsOptionalFeature -Online -FeatureName IIS-CertProvider Enable-WindowsOptionalFeature -Online -FeatureName IIS-WindowsAuthentication Enable-WindowsOptionalFeature -Online -FeatureName IIS-DigestAuthentication Enable-WindowsOptionalFeature -Online -FeatureName IIS-ClientCertificateMappingAuthentication Enable-WindowsOptionalFeature -Online -FeatureName IIS-IISCertificateMappingAuthentication Enable-WindowsOptionalFeature -Online -FeatureName IIS-ODBCLogging Enable-WindowsOptionalFeature -Online -FeatureName IIS-StaticContent Enable-WindowsOptionalFeature -Online -FeatureName IIS-DefaultDocument Enable-WindowsOptionalFeature -Online -FeatureName IIS-DirectoryBrowsing Enable-WindowsOptionalFeature -Online -FeatureName IIS-WebDAV Enable-WindowsOptionalFeature -Online -FeatureName IIS-WebSockets Enable-WindowsOptionalFeature -Online -FeatureName IIS-ApplicationInit Enable-WindowsOptionalFeature -Online -FeatureName IIS-ASPNET Enable-WindowsOptionalFeature -Online -FeatureName IIS-ASPNET45 Enable-WindowsOptionalFeature -Online -FeatureName IIS-ASP Enable-WindowsOptionalFeature -Online -FeatureName IIS-CGI Enable-WindowsOptionalFeature -Online -FeatureName IIS-ISAPIExtensions Enable-WindowsOptionalFeature -Online -FeatureName IIS-ISAPIFilter Enable-WindowsOptionalFeature -Online -FeatureName IIS-ServerSideIncludes Enable-WindowsOptionalFeature -Online -FeatureName IIS-CustomLogging Enable-WindowsOptionalFeature -Online -FeatureName IIS-BasicAuthentication Enable-WindowsOptionalFeature -Online -FeatureName IIS-HttpCompressionStatic Enable-WindowsOptionalFeature -Online -FeatureName IIS-ManagementConsole Enable-WindowsOptionalFeature -Online -FeatureName IIS-ManagementService Enable-WindowsOptionalFeature -Online -FeatureName IIS-WMICompatibility Enable-WindowsOptionalFeature -Online -FeatureName IIS-LegacyScripts Enable-WindowsOptionalFeature -Online -FeatureName IIS-LegacySnapIn Enable-WindowsOptionalFeature -Online -FeatureName IIS-FTPServer Enable-WindowsOptionalFeature -Online -FeatureName IIS-FTPSvc Enable-WindowsOptionalFeature -Online -FeatureName IIS-FTPExtensibility

---------------------------------

- Stop Services

net stop Iisadmin net stop W3svc net stop wmsvc

- Start Services

net start Iisadmin net start W3svc net start wmsvc

- add admin user

net user <username> <password> /ADD net localgroup administrators <username> /add

Open another PS admin session on the container host, this will be the new 'container host console'

From container host console:

- List containers

Docker ps

- Note containerID

 

- Find container IP address

docker inspect -f "{{ .NetworkSettings.Networks.nat.IPAddress }}" <container id>

This will display the container IP address, copy it.

From container host desktop:

- Start IIS manager console

Start IIS Console

- Select 'Connect to a Server', Connect to container IP address

Start IIS Console

 

- Provide the <name> and <password> provided above in [net user <username> <password> /ADD]

Start IIS Console

 

- Click on Next. You will get a certificate error dialog

Start IIS Console

 

- Click 'View Certificate'. You will get a 'Certificate' Dialog

Start IIS Console

 

- Click 'Install Certificate'. You will get a certificate import wizard

Start IIS Console

 

- Select 'Local Machine', click 'Next'

Start IIS Console

 

- Select 'Place all certificates in the following store', click 'Browse', select 'Trusted Root Certification Authorities', click 'OK', nick 'Next'

Start IIS Console

 

Click 'Finish'

Start IIS Console

 

- Click 'Cancel'

Start IIS Console

 

- Click 'Next'. The screen below indicates success. Others screens may indicate error.

Start IIS Console

 

- You may now administer the IIS service running on the container from the IIS admin console running on the container host.

Start IIS Console