How do you automate installation of IIS Administration

[artisticcheese]

I can see that to install IIS Administration manual step of installing MSI for .NET core plus actual executable for IIS Administration shall be run in manual fashion. How to properly automate it to put inside docker container?

[jimmyca15]

We're improving the installer right now so that the .NET Core dependency is bundled in. For now you have to install .NET Core, then install IIS Administration.

c:\bin\DotNetCore.1.0.3_1.1.0-WindowsHosting.exe /install /q /norestart
c:\bin\IISAdministrationSetup.exe /install /q /norestart

[artisticcheese]

Any plans to move to more automatable release via supported packagemanagement via Powershell? Running command line executables is pretty difficult to orchestrate properly.

[jimmyca15]

Do you mean the PowerShell commandlets such as?
Enable-WindowsOptionalFeature -Online ....

We do not plan on having anything like that.

We have two mechanisms that can be used to install the IIS Administration API, the setup exe and the Setup.ps1 PowerShell script. The setup exe is a simple wrapper around the PowerShell script. The exe is preferable because it leaves valuable metadata such as the fact the program is installed in the 'Install/Uninstall Programs' menu. However there is no issue with running the PowerShell script directly, and this is actually the only mechanism supported on Nano Server.

[artisticcheese]

I mean Chocolatey installation type or how docker does it. https://docs.microsoft.com/en-us/virtualization/windowscontainers/quick-start/quick-start-windows-server

Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
Install-Package -Name docker -ProviderName DockerMsftProvider

[jimmyca15]

We don't have any plans to move toward a system such as this. This would be our first piece of feedback on the matter. We can look into distribution mechanisms such as Chocolately to see how they can improve obtainability of the API. For now our only supported mechanisms are the PS script and setup exe.

[artisticcheese]

Can you please create ZIP downloadable file for all scripts neccessary to install from /scripts/setup folder so powershell can be used to download single ZIP file, extract it and then run installation. Github allows to download entire project as ZIP file but it's way too many unneccessary files being pulled, it does not allow to download individual folders though.

[jimmyca15]

@artisticcheese,

Whenever we release a new version of IIS Administration we package up a ZIP file that contains all the necessary files including the setup scripts.

The latest release at the time of writing is at
https://github.com/Microsoft/IIS.Administration/releases/download/v1.1.1/IIS.Administration.zip

The blog post we put out for installing on Nano has a PowerShell snippet at the bottom that downloads the latest release (with hard-coded version), unzips it and then installs it.

[artisticcheese]

I have downloaded ZIP file mentioned above, extracted it. Went into setup directory and launched setup.ps1 install -verbose which gave me the same error message stating that Powershell core is not installed. Am I missing some steps?

PS C:\prep\iisadmin\setup> .\setup.ps1 install -verbose
VERBOSE: Verifying user is an Administrator
VERBOSE: Ok
VERBOSE: Verifying user is an Administrator
VERBOSE: Ok
Checking installation requirements
VERBOSE: Verifying IIS is enabled
VERBOSE: Ok
VERBOSE: Verifying Windows Authentication is Enabled
VERBOSE: Ok
VERBOSE: Verifying URL Authorization is Enabled
VERBOSE: Ok
VERBOSE: Verifying IIS-HostableWebCore is Enabled
VERBOSE: Ok
VERBOSE: Verifying .NET Core shared framework installed
WARNING: .NET Core Server Hosting tools not installed
WARNING: Download .NET Core Server Hosting tools from 'https://go.microsoft.com/fwlink/?LinkId=817246'
Rolling back
Finished rolling back.
C:\prep\iisadmin\setup\setup.ps1 : .NET Core required to continue
At C:\prep\iisadmin\setup\require.ps1:29 char:9
+         throw ".NET Core required to continue"
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
At line:1 char:1
+ .\setup.ps1 install -verbose
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], RuntimeException
    + FullyQualifiedErrorId : System.Management.Automation.RuntimeException,setup.ps1

[jimmyca15]

Yes, the PowerShell installation script setup.ps1 requires that .NET Core be installed on the machine.

Our guide for installing the IIS Administration API on Nano Server mentions all the requirements for installation. It can be found at https://blogs.iis.net/adminapi/microsoft-iis-administration-on-nano-server

The specific documentation for getting .NET Core on Nano Server is at https://docs.microsoft.com/en-us/aspnet/core/tutorials/nano-server

[artisticcheese]

Any specific reason all that stuff is just not incorporated into setup.ps1 so entire installation document will just consist of run setup.ps1 Install

[drago-draganov]

There are a couple of reasons:

We prioritized the initial user experience on https://manage.iis.net, which absolutely needs smooth MSI install. It may not look as important for server/farm/automated deployments, but it's indeed the first touch with the product for a lot of people. That initial impression was critical to make right. With v1.1.1 release we are now satisfied with that experience and can better focus on automation scenarios going forward.

Installing .NET Core on Nano Server is (was) not as smooth as we would like to see to allow us single line install, but we are working on it.

I realize that asking to run additional script(s) for automation deployment doesn't sound as optimal experience, but we are getting there.

Your feedback is much appreciated for us to prioritize accordingly.

Thanks.

[artisticcheese]

Which specific .NET core option shall be installed. Since this will be hosted inside Windows containers, self contained images (without installers) are prefered since it does not inflate container size.

[jimmyca15]

@artisticcheese,

The Windows Server Hosting option is needed.

[artisticcheese]

1. Why Windows-Authentication module is needed if I will hardcode keys into my image?
2. Where do I download ISAdministrationSetup.exe /install /q /norestart mentioned?

[jimmyca15]

1. The Windows Authentication module is how we restrict access to access token generation. Installation requires this module to be enabled, and if it is disabled the installer will enable it. Windows Authentication is also used in a few sections of the API that we deemed necessary to require an Administrator to be able to perform.

2. The download page for IIS Administration is https://manage.iis.net/get. The download link we use for the latest version of IISAdministrationSetup.exe is http://go.microsoft.com/fwlink/?LinkId=829373

[artisticcheese]

Well Windows Server Container is incapable of utilizing Windows Authentication since local username/password are not provided neither container can be joined to a domain. This module shall be optional I would think bearing in mind this limitations and trying to keep container small.

[jimmyca15]

@artisticcheese,

Are you just trying to remove the requirement for Windows Authentication when connecting to the API or do you mean you would like to never have the Windows Authentication binaries placed in the container?

[artisticcheese]

Trying to install it into container with as little overhead as possible. This specific module does not serve any purpouse inside Windows container since it's impossible to use Windows authentication into container since no username/password for administrator is provided by default. It's possible to create new username/password for local admin account but it's outside of normal operations of windows containers.

[jimmyca15]

To remove the Windows Authentication requirement from the API a couple of changes must be made to the web.config file.

The web.config file is located at
%SystemDrive%\Program Files\IIS Administration\1.1.1\Microsoft.IIS.Administration\web.config

Lines 8-16 should be changed from

   <security>
      <authentication>
        <windowsAuthentication enabled="true" />
      </authentication>
      <authorization>
        <clear />
        <add accessType="Allow" roles="Administrators,IIS Administrators" />
      </authorization>
    </security>

to

    <security>
      <authentication>
        <windowsAuthentication enabled="true" />
        <anonymousAuthentication enabled="true" />
      </authentication>
      <authorization>
        <clear />
        <add accessType="Allow" users="*" />
      </authorization>
    </security>

These changes do not remove the Windows Authentication requirement to generate access tokens. Since you already have access tokens generated this should not be an issue.

[artisticcheese]

I created container with IISAdministration installed into. I can see WebServer is listening on 55539 but it hangs on request to it. Container name is "artisticcheese\iis-basis", you can pull it directly from docker hub to test. Both dotnetcore hosting as well as IISadministration modules are installed.
Also do I need to install .NET core separately since you mentioned IISAdministration.exe ver 1.1.1 already installs all prerequisites.

PS C:\prep> Get-WmiObject win32_product


IdentifyingNumber : {23438CA0-A819-4CAC-852E-1F562F5589D4}
Name              : Microsoft IIS Administration
Vendor            : Microsoft Corporation
Version           : 1.1.1
Caption           : Microsoft IIS Administration

IdentifyingNumber : {D51EE501-C89E-4A85-B8DA-F35B1A4662DC}
Name              : Microsoft .NET Core 1.0.5 - Host FX Resolver (x64)
Vendor            : Microsoft Corporation
Version           : 4.1.21265
Caption           : Microsoft .NET Core 1.0.5 - Host FX Resolver (x64)

IdentifyingNumber : {76BBB981-B9FC-4C47-BE84-9D15664F0AD6}
Vendor            : Microsoft Corporation
Version           : 4.16.1514
Caption           : Microsoft .NET Core 1.1.2 - Host (x64)

IdentifyingNumber : {50A2BC33-C9CD-3BF1-A8FF-53C10A0B183C}
Name              : Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.24215
Vendor            : Microsoft Corporation
Version           : 14.0.24215
Caption           : Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.24215

IdentifyingNumber : {BFF13C15-903D-4ADB-9E18-12FEA201E075}
Name              : Microsoft .NET Core 1.1.2 - Runtime (x64)
Vendor            : Microsoft Corporation
Version           : 1.1.2
Caption           : Microsoft .NET Core 1.1.2 - Runtime (x64)

IdentifyingNumber : {C9A7E739-776F-4CA7-A5F5-EC6A41B6C039}
Name              : Microsoft .NET Core 1.0.5 - Host (x64)
Vendor            : Microsoft Corporation
Version           : 4.0.21265
Caption           : Microsoft .NET Core 1.0.5 - Host (x64)

IdentifyingNumber : {18036C39-1B1D-49C0-A560-FD1511A5C906}
Name              : Microsoft .NET Core 1.1.2 - Host FX Resolver (x64)
Vendor            : Microsoft Corporation
Version           : 4.16.34282
Caption           : Microsoft .NET Core 1.1.2 - Host FX Resolver (x64)

IdentifyingNumber : {73E76099-AAE4-4CA1-8A98-ED21B18BADAA}
Name              : Microsoft .NET Core 1.0.5 - Runtime (x64)
Vendor            : Microsoft Corporation
Version           : 1.0.5
Caption           : Microsoft .NET Core 1.0.5 - Runtime (x64)

IdentifyingNumber : {EF1EC6A9-17DE-3DA9-B040-686A1E8A8B04}
Name              : Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.24215
Vendor            : Microsoft Corporation
Version           : 14.0.24215
Caption           : Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.24215

IdentifyingNumber : {B1B05FBB-1255-4F5B-9BAF-43B971A92613}
Name              : Microsoft ASP.NET Core Module
Vendor            : Microsoft Corporation
Version           : 1.0.1972
Caption           : Microsoft ASP.NET Core Module

Netstat

TCP    0.0.0.0:49157          0.0.0.0:0              LISTENING       684
  TCP    0.0.0.0:55539          0.0.0.0:0              LISTENING       4
  TCP    172.27.113.210:55539   172.27.112.1:1698      ESTABLISHED     4
  TCP    [::]:80                [::]:0                 LISTENING       4
  TCP    [::]:135               [::]:0                 LISTENING       1092
  TCP    [::]:5985              [::]:0                 LISTENING       4
  TCP    [::]:8172              [::]:0                 LISTENING       4
  TCP    [::]:47001             [::]:0                 LISTENING       4
  TCP    [::]:49152             [::]:0                 LISTENING       312
  TCP    [::]:49153             [::]:0                 LISTENING       1200
  TCP    [::]:49154             [::]:0                 LISTENING       1244
  TCP    [::]:49155             [::]:0                 LISTENING       560
  TCP    [::]:49157             [::]:0                 LISTENING       684
  TCP    [::]:55539             [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    1364
  UDP    0.0.0.0:5355           *:*                                    1364
  UDP    [::]:5353              *:*                                    1364
  UDP    [::]:5355              *:*                                    1364

Issuing request to port 55539

PS C:\prep> Invoke-WebRequest http://localhost:55539 -UseBasicParsing -TimeoutSec 30
Invoke-WebRequest : The operation has timed out.
At line:1 char:1
+ Invoke-WebRequest http://localhost:55539 -UseBasicParsing -TimeoutSec ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebExc
   eption
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

[jimmyca15]

I just pulled and ran your container. I performed a couple scenarios and everything is running end to end.

Have you been requesting HTTP rather than HTTPS? The API doesn't listen for HTTP. If I try to use HTTP I get the same timeout you did, but that is expected.

• The API runs on https://{hostname/ip}:55539
• Port 55539 needs to be exposed in some way to be accessible outside the container.

Here is my command running in the artisticcheese/iis-basis container

Note: The 401 is expected, as the container image does not have the Windows Authentication requirements removed as I mentioned before.

PS C:\prep> dir


    Directory: C:\prep


Mode                LastWriteTime         Length Name
----                -------------         ------ ----
-a----        5/17/2017   8:17 PM        3950360 iisadmin.exe


PS C:\prep> Invoke-WebRequest https://localhost:55539 -UseBasicParsing -TimeoutSec 30
Invoke-WebRequest : The remote server returned an error: (401) Unauthorized.
At line:1 char:1
+ Invoke-WebRequest https://localhost:55539 -UseBasicParsing -TimeoutSe ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebExc
   eption
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

PS C:\prep>

[jimmyca15]

I ran your container with

docker run artisticcheese/iis-basis --expose 55539

[artisticcheese]

Yes. My bad I was using HTTP. So to answer second question, do I still need to preload .NET core if you said IISadmin will already install it anyway in latest version?

[jimmyca15]

.NET Core will be automatically downloaded and installed by the IISAdministrationSetup.exe installer as long as internet connection is available. If you don't want the installation of IIS Administration to depend on having an internet connection you'll have to preload .NET Core as you mentioned.

[artisticcheese]

Is there any switch can be enabled with IISAdmin.exe to show verbose output of what is being done during installation. I'm currently running with iisadmin.exe /install /q /norestart which does not provide command line feedback of what is being done.

[jimmyca15]

No there is not currently any output that will appear when you install in this manner.

[jimmyca15]

If you would like to see the output of the installer it is available in the %temp% directory. The log file names are in the form of Microsoft_IIS_Administration_*.log

[artisticcheese]

I really want this to be in output stream to show up during build about progress as well as errors. You can already see this caused issues during debugging where installation never took place due to delete statements following right after installation statements

[jimmyca15]

This behavior is not available through the setup executable, and it is not something that we can simply turn on. It would require additional features to be available in Bootstrapper installer. If this behavior is necessary for your scenarios then you can file a feature request and we can discuss this further. The overall issue of running inside a container has been addressed.