Reseal and IIS

  • Article

Over the years there have been a number of newsgroup posts about using System Cloning with IIS. Some customers have cloned the image and then found that IIS service will not restart on the cloned image when it boots up.

There are a number of issues that may have an impact here. The most common one to be aware of is that fbreseal.exe does not support cloning an image more than once. Cloning an image numerous times can lead to data loss and image corruption of user settings, IIS & database settings, domain memberships and local & group policies.

Even on image sealed just once the IIS service may not start, due to a timing issue with services restarting on the cloned image. Brad Combs explained it this way in a newsgroup post:

"During the first boot of a cloned image, some of the cloning activities are done in parallel with service start up. Among other things, the cloning activities include SID change and application in the file system and security information; reinstalling MSDTC, and reconfiguring IIS. This is not all well-documented. User installed services can interfere with the cloning activities if not implemented correctly. The correct way to synchronize with cloning activities is not documented.  However, if a service depends on the MSDTC service, then it doesn't start until after MSDTC is reinstalled and the problem doesn't occur.

If you look in the application event log you can see the MSDTC service get removed then get re-installed.  If you have a service that starts before MSDTC reinstallation, it might interfere with reinstallation.

The post-clone FBA  runs as the shell application.  The precursor to the shell, LSASS, launches in parallel with services.exe.  As part of cloning FBA reads the file C:\Windows\inf\minioc.inf to direct its some actions pre- and post-clone.  The section [SysprepInitExecute] shows that MSDTC, COM+, SCE, IIS, and Terminal Server have actions to perform post-clone."

DirectX on the system may also be one of the components that has contributes to this issue.

The ideal would be for all services to be "chained" or have a dependency on a previous service starting up before they run, but this is not the current structure of the XPe component architecture.

The current workaround is to issue the following commands after cloning completes, in order to restart MSDTC and IIS:
msdtc -install -a
msdtc -resetlog
iisreset /restart

- Lynda

Technorati Tags: XPe, Componentization