Friday, 29 August 2014

IIS Interview Questions and Answers

What is the Role of IIS?
Visual Studio has a built-in ASP.NET engine that is capable of running an ASP.NET web application, so we just click the Run button to start the application.
IIS provides a redesigned WWW architecture that helps you achieve better performance, scalability, reliability and security for your web sites. IIS supports the following protocols: HTTP/HTTPS, FTP, FTPS, SMTP, etc. We need to host the site on IIS; when a request comes from a client it first hits the IIS server, and the server then passes it to the ASP.NET worker process for execution. The response also passes back to the client through IIS. Besides hosting sites, we can create our own FTP server or SMTP server using IIS. Different versions of IIS are available, such as 5.1, 6.0 and 7.0.
What are the different versions of IIS that you have worked on?
Before answering this question you need to know which IIS versions are available on which operating systems. Below is the list of IIS versions with the corresponding operating systems.
Windows Server 2008 – Windows Vista – Home Premium/ Ultimate – IIS 7.0
Windows Server 2003 – IIS 6.0
Windows XP Professional – IIS 5.1
Now, based on your working experience, you can say that you have worked on IIS 5.1 and 6.0, or only IIS 7, etc. The next question that can be asked after answering this one is “What is the difference between them?” I will come back to this later.
What is the Role of Http.Sys in IIS?
HTTP.SYS is the kernel-level component of IIS. All client requests first hit HTTP.SYS at the kernel level. HTTP.SYS then queues each request for the appropriate application pool. Whenever we create an application pool, IIS automatically registers the pool with HTTP.SYS so that it can identify the particular pool during request processing.
What is an Application Pool?
Before giving the definition, you can mention that the concept of the application pool was introduced in IIS 6.0.
Application pools are used to separate sets of IIS worker processes that share the same configuration and application boundaries. Application pools isolate our web applications for better security, reliability, availability and performance, and keep them running without impacting each other. The worker process serves as the process boundary that separates each application pool, so that when one worker process or application has an issue or recycles, other applications or worker processes are not affected. One application pool can also have multiple worker processes.
Main points to remember:
1. Isolation of different web applications
2. Individual worker process for different web applications
3. More reliable web applications
4. Better performance
What is the Name of Default Application Pool in IIS?
Though we can create new application pools in IIS with different settings, IIS has its own default application pool named DefaultAppPool.
What are the different types of Identity available in IIS 6.0?
IIS has three different identities:
1. Local System
2. Local Service
3. Network Service
What is the name of the default identity of IIS 6.0?
The default identity of IIS 6.0 is Network Service, which has very minimal rights on your system. The user has only read access to the site.
What is Recycling of Application Pool?
Recycling an application pool means recycling the worker process (w3wp.exe) and the memory used by the web application. There are two types of recycling related to application pools:
1. Recycling Worker Process – Predefined Settings
2. Recycling Worker Process – Based on Memory
What are the main layers of IIS Architecture?
IIS has mainly two layers: Kernel Mode and User Mode.
Below are the subsections of both of them.
1. Kernel Mode
o HTTP.SYS
2. User Mode
o Web Admin Service
o Virtual Directory
o Application Pool
What are the different security settings available in IIS?
Below are the commonly used IIS security settings:
1. Anonymous
2. Integrated Windows Authentication
3. Basic Authentication
4. Digest Authentication
5. Passport Authentication
To set security permissions, go to Virtual Directory > Right Click > Properties > Directory Security and click the Edit button.
What are the default authentication settings for IIS?
Anonymous authentication is the default authentication mode for any site that is hosted on IIS, and it runs under the “IUSR_[Server Name]” account.
What is web garden?
By default, each application pool runs with a single worker process (w3wp.exe). We can assign multiple worker processes to a single application pool. An application pool with multiple worker processes is called a web garden. Each worker process has its own threads and its own memory space.
Generally it is not recommended to use InProc session mode while using a web garden.
Where is session data stored in the case of “In-Proc” session mode?
Session data is stored inside the process memory of the worker process [w3wp.exe].
How can we create a web garden?
To create a web garden, go to Application Pool, then Right Click on Application Pool > Properties > Performance tab.
In the Web Garden section, increase the number of worker processes. By default it is 1.
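The identity and web garden settings described above can be checked from configuration. The following Python audit is an added example, not part of the original post; it assumes IIS 7.0 or later, where these settings live in applicationHost.config as the identityType and maxProcesses attributes, and the sample configuration, the pool names and the WEB_CONFIGS mapping of pool to web.config are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample input (not taken from a real server).
APPLICATION_HOST = """
<configuration>
  <system.applicationHost>
    <applicationPools>
      <add name="DefaultAppPool" />
      <add name="LegacyPool"><processModel identityType="LocalSystem" /></add>
      <add name="ShopPool"><processModel maxProcesses="4" /></add>
      <add name="ReportsPool"><processModel maxProcesses="2" /></add>
      <applicationPoolDefaults>
        <processModel identityType="NetworkService" />
      </applicationPoolDefaults>
    </applicationPools>
  </system.applicationHost>
</configuration>
"""

# Constructed web.config content for the application served by each pool.
WEB_CONFIGS = {
    "ShopPool": "<configuration><system.web>"
                "<sessionState mode='InProc' /></system.web></configuration>",
    "ReportsPool": "<configuration><system.web>"
                   "<sessionState mode='StateServer' /></system.web></configuration>",
}


def session_mode(web_config_xml):
    """Return the ASP.NET session-state mode; InProc applies when none is set."""
    node = ET.fromstring(web_config_xml).find(".//sessionState")
    return node.get("mode", "InProc") if node is not None else "InProc"


def audit_pools(app_host_xml, web_configs):
    """Return (pool, finding) pairs for risky identity or web garden settings."""
    pools = ET.fromstring(app_host_xml).find(".//applicationPools")
    default_pm = pools.find("applicationPoolDefaults/processModel")
    defaults = dict(default_pm.attrib) if default_pm is not None else {}
    findings = []
    for pool in pools.findall("add"):
        pm = pool.find("processModel")
        settings = {**defaults, **(pm.attrib if pm is not None else {})}
        name = pool.get("name")
        # Local System has full rights on the machine, unlike Network Service.
        if settings.get("identityType") == "LocalSystem":
            findings.append((name, "worker process runs as LocalSystem"))
        # maxProcesses > 1 makes the pool a web garden: each w3wp.exe keeps
        # its own memory, so InProc session data is not shared between them.
        workers = int(settings.get("maxProcesses", "1"))
        if (workers > 1 and name in web_configs
                and session_mode(web_configs[name]) == "InProc"):
            findings.append(
                (name, f"web garden ({workers} workers) with InProc session state"))
    return findings


if __name__ == "__main__":
    for pool_name, finding in audit_pools(APPLICATION_HOST, WEB_CONFIGS):
        print(f"{pool_name}: {finding}")
```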
How can we debug a web application that is hosted on IIS?
We can easily debug any web application that is hosted on IIS by attaching to the worker process.
From the Visual Studio IDE > Tools > Attach To Process
Select the particular process, then start debugging.
How can we open the IIS Configuration Manager?
Simply use Run > inetmgr, or open it from Control Panel > Administrative Tools.
How can we create a Virtual Directory on IIS?
Open the IIS Configuration Manager.
First, Right Click on Default Web Sites > New > Virtual Directory.
Browse to the physical path. Set the properties. Click OK.
What permission settings are available for a Virtual Directory?
Below is the list of permissions that can be set during virtual directory creation:
1. Read
2. Run Scripts
3. Execute
4. Write
5. Browse

Windows DHCP Interview Questions and Answers

What is DHCP?

Dynamic Host Configuration Protocol (DHCP) is a network protocol that enables a server to automatically assign an IP address to a computer from a defined range of numbers (i.e., a scope) configured for a given network.

What is the DHCP process for a client machine?

1. A user turns on a computer with a DHCP client.
2. The client computer sends a broadcast request (called a DISCOVER or DHCPDISCOVER), looking for a DHCP server to answer.
3. The router directs the DISCOVER packet to the correct DHCP server.
4. The server receives the DISCOVER packet. Based on availability and usage policies set on the server, the server determines an appropriate address (if any) to give to the client. The server then temporarily reserves that address for the client and sends back to the client an OFFER (or DHCPOFFER) packet, with that address information. The server also configures the client’s DNS servers, WINS servers, NTP servers, and sometimes other services as well.
5. The client sends a REQUEST (or DHCPREQUEST) packet, letting the server know that it intends to use the address.
6. The server sends an ACK (or DHCPACK) packet, confirming that the client has been given a lease on the address for a server-specified period of time.
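The exchange above, as an added Python example that is not part of the original post: it decodes DHCP messages, checks that one client's packets follow DISCOVER, OFFER, REQUEST, ACK, and reports replies from servers that are not on a list of expected servers. The expected_servers allow-list, the build() helper and all addresses in the sample capture are assumptions constructed for illustration.

```python
import struct
from socket import inet_aton, inet_ntoa

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that precedes the options
HDR = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s4s")  # fixed header + cookie, 240 bytes
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}
OPT_LEASE, OPT_TYPE, OPT_SERVER_ID, OPT_END = 51, 53, 54, 255


def build(msg_type, xid, mac, yiaddr="0.0.0.0", server_id=None, lease=None):
    """Build a minimal DHCP message; used only to construct the sample input."""
    op = 1 if msg_type in (1, 3) else 2  # 1 = sent by client, 2 = sent by server
    msg = HDR.pack(op, 1, 6, 0, xid, 0, 0x8000, bytes(4), inet_aton(yiaddr),
                   bytes(4), bytes(4), mac, b"", b"", MAGIC)
    msg += bytes([OPT_TYPE, 1, msg_type])
    if server_id:
        msg += bytes([OPT_SERVER_ID, 4]) + inet_aton(server_id)
    if lease is not None:
        msg += bytes([OPT_LEASE, 4]) + struct.pack("!I", lease)
    return msg + bytes([OPT_END])


def parse(data):
    """Decode the header fields and options needed to follow a lease."""
    if len(data) < HDR.size or data[236:240] != MAGIC:
        raise ValueError("truncated message or missing DHCP magic cookie")
    fields = HDR.unpack_from(data)
    opts, i = {}, HDR.size
    while i < len(data) and data[i] != OPT_END:
        if data[i] == 0:  # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("option runs past end of message")
        opts[data[i]] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    if len(opts.get(OPT_TYPE, b"")) != 1:
        raise ValueError("missing message type option")
    server, lease = opts.get(OPT_SERVER_ID), opts.get(OPT_LEASE)
    return {"type": TYPES.get(opts[OPT_TYPE][0], "OTHER"), "xid": fields[4],
            "yiaddr": inet_ntoa(fields[8]),
            "server_id": inet_ntoa(server) if server else None,
            "lease": int.from_bytes(lease, "big") if lease else None}


def follow_exchange(packets, expected_servers):
    """Follow one client's exchange and flag replies from unexpected servers."""
    seen, alerts, lease = [], [], None
    for msg in map(parse, packets):
        if msg["type"] in ("OFFER", "ACK") and msg["server_id"] not in expected_servers:
            alerts.append(f"{msg['type']} from unexpected server {msg['server_id']}")
            continue
        seen.append(msg["type"])
        if msg["type"] == "ACK":
            lease = (msg["yiaddr"], msg["lease"])
    return {"complete": seen == ["DISCOVER", "OFFER", "REQUEST", "ACK"],
            "lease": lease, "alerts": alerts}


# Constructed sample capture: one client, one expected server, one extra OFFER.
MAC, XID = bytes.fromhex("020000000001"), 0x1234ABCD
SAMPLE = [
    build(1, XID, MAC), build(2, XID, MAC, "192.0.2.50", "192.0.2.1", 86400),
    build(2, XID, MAC, "198.51.100.7", "192.0.2.66", 600),
    build(3, XID, MAC, server_id="192.0.2.1"),
    build(5, XID, MAC, "192.0.2.50", "192.0.2.1", 86400),
]
```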

What is a DHCP scope?

DHCP scopes are used to define ranges of addresses from which a DHCP server can assign IP addresses to clients.

Types of scopes in Windows DHCP?

Normal Scope – Allows A, B and C Class IP address ranges to be specified including subnet masks, exclusions and reservations. Each normal scope defined must exist within its own subnet.
Multicast Scope – Used to assign IP address ranges for Class D networks. Multicast scopes do not have subnet masks, reservation or other TCP/IP options. Multicast scope address ranges require that a Time To Live (TTL) value be specified (essentially the number of routers a packet can pass through on the way to its destination).
Super scope – Essentially a collection of scopes grouped together such that they can be enabled and disabled as a single entity.

What is authorizing DHCP servers in Active Directory?

If a DHCP server is to operate within an Active Directory domain (and is not running on a domain controller) it must first be authorized. This can be achieved either as part of the DHCP Server role installation, or subsequently using either the DHCP console or the netsh tool at the command prompt. If the DHCP server was not authorized during installation, invoke the DHCP console (Start -> All Programs -> Administrative Tools -> DHCP), right click on the DHCP server to be authorized and select Authorize. To achieve the same result from the command prompt, enter the following command:
netsh dhcp server serverID initiate auth
In the above command syntax, serverID is replaced by the IP address or full UNC name of the system on which the DHCP server is installed.

What ports are used by DHCP and the DHCP clients?

Requests are on UDP port 68, Server replies on UDP 67.

Benefits of using DHCP

DHCP provides the following benefits for administering your TCP/IP-based network:
Safe and reliable configuration. DHCP avoids configuration errors caused by the need to manually type in values at each computer. Also, DHCP helps prevent address conflicts caused by a previously assigned IP address being reused to configure a new computer on the network.
Reduces configuration management. Using DHCP servers can greatly decrease the time spent configuring and reconfiguring computers on your network. Servers can be configured to supply a full range of additional configuration values when assigning address leases. These values are assigned using DHCP options. Also, the DHCP lease renewal process helps assure that where client configurations need to be updated often (such as users with mobile or portable computers who change locations frequently), these changes can be made efficiently and automatically by clients communicating directly with DHCP servers.
The following issues affect the use of the DHCP Server service with other services or network configurations: using DNS servers with DHCP, using Routing and Remote Access servers with DHCP, and multihomed DHCP servers.

Describe the process of installing a DHCP server in an AD infrastructure?

Open the Windows Components Wizard. Under Components, scroll to and click Networking Services. Click Details. Under Subcomponents of Networking Services, click Dynamic Host Configuration Protocol (DHCP) and then click OK.
Click Next. If prompted, type the full path to the Windows Server 2003 distribution files, and then click Next. Required files are copied to your hard disk.

How to authorize a DHCP server in Active Directory?

Open DHCP. In the console tree, click DHCP. On the Action menu, click Manage authorized servers. The Manage Authorized Servers dialog box appears. Click Authorize. When prompted, type the name or IP address of the DHCP server to be authorized, and then click OK.

What is DHCPINFORM?

DHCPInform is a DHCP message used by DHCP clients to obtain DHCP options. While PPP remote access clients do not use DHCP to obtain IP addresses for the remote access connection, Windows 2000 and Windows 98 remote access clients use the DHCPInform message to obtain DNS server IP addresses, WINS server IP addresses, and a DNS domain name.
The DHCPInform message is sent after the IPCP negotiation is concluded. The DHCPInform message received by the remote access server is then forwarded to a DHCP server. The remote access server forwards DHCPInform messages only if it has been configured with the DHCP Relay Agent.

Describe the integration between DHCP and DNS?

Traditionally, DNS and DHCP servers have been configured and managed one at a time. Similarly, changing authorization rights for a particular user on a group of devices has meant visiting each one and making configuration changes.
DHCP integration with DNS allows the aggregation of these tasks across devices, enabling a company’s network services to scale in step with the growth of network users, devices, and policies, while reducing administrative operations and costs. This integration provides practical operational efficiencies that lower total cost of ownership.
Creating a DHCP network automatically creates an associated DNS zone, for example, reducing the number of tasks required of network administrators. And integration of DNS and DHCP in the same database instance provides unmatched consistency between service and management views of IP address-centric network services data.

Flexible Single Master Operations

Windows 2000/2003/2008/2012 Multi-Master Model
A multi-master enabled database, such as the Active Directory, provides the flexibility of allowing changes to occur at any DC in the enterprise, but it also introduces the possibility of conflicts that can potentially lead to problems once the data is replicated to the rest of the enterprise.
One way Windows 2000/2003/2008 deals with conflicting updates is by having a conflict resolution algorithm handle discrepancies in values by resolving to the DC to which changes were written last (that is, “the last writer wins”), while discarding the changes in all other DCs. Although this resolution method may be acceptable in some cases, there are times when conflicts are just too difficult to resolve using the “last writer wins” approach. In such cases, it is best to prevent the conflict from occurring rather than to try to resolve it after the fact.
For certain types of changes, Windows 2000/2003/2008 incorporates methods to prevent conflicting Active Directory updates from occurring.
Windows 2000/2003 Single-Master Model
To prevent conflicting updates in Windows 2000/2003/2008, the Active Directory performs updates to certain objects in a single-master fashion.
In a single-master model, only one DC in the entire directory is allowed to process updates. This is similar to the role given to a primary domain controller (PDC) in earlier versions of Windows (such as Microsoft Windows NT 4.0), in which the PDC is responsible for processing all updates in a given domain.
In a forest, there are five FSMO roles that are assigned to one or more domain controllers. The five FSMO roles are:
Schema Master:
The schema master domain controller controls all updates and modifications to the schema. Once the Schema update is complete, it is replicated from the schema master to all other DCs in the directory. To update the schema of a forest, you must have access to the schema master. There can be only one schema master in the whole forest.
Domain naming master:
The domain naming master domain controller controls the addition or removal of domains in the forest. This DC is the only one that can add or remove a domain from the directory. It can also add or remove cross references to domains in external directories. There can be only one domain naming master in the whole forest.
Infrastructure Master:
When an object in one domain is referenced by another object in another domain, it represents the reference by the GUID, the SID (for references to security principals), and the DN of the object being referenced. The infrastructure FSMO role holder is the DC responsible for updating an object’s SID and distinguished name in a cross-domain object reference. At any one time, there can be only one domain controller acting as the infrastructure master in each domain.
Note: The Infrastructure Master (IM) role should be held by a domain controller that is not a Global Catalog server (GC). If the Infrastructure Master runs on a Global Catalog server it will stop updating object information because it does not contain any references to objects that it does not hold. This is because a Global Catalog server holds a partial replica of every object in the forest.
As a result, cross-domain object references in that domain will not be updated and a warning to that effect will be logged on that DC’s event log. If all the domain controllers in a domain also host the global catalog, all the domain controllers have the current data, and it is not important which domain controller holds the infrastructure master role.
Relative ID (RID) Master:
The RID master is responsible for processing RID pool requests from all domain controllers in a particular domain. When a DC creates a security principal object such as a user or group, it attaches a unique Security ID (SID) to the object.
This SID consists of a domain SID (the same for all SIDs created in a domain), and a relative ID (RID) that is unique for each security principal SID created in a domain. Each DC in a domain is allocated a pool of RIDs that it is allowed to assign to the security principals it creates.
When a DC’s allocated RID pool falls below a threshold, that DC issues a request for additional RIDs to the domain’s RID master. The domain RID master responds to the request by retrieving RIDs from the domain’s unallocated RID pool and assigns them to the pool of the requesting DC. At any one time, there can be only one domain controller acting as the RID master in the domain.
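The RID pool mechanism described above, as an added Python simulation that is not part of the original post: a single RID master hands out non-overlapping blocks, and each DC builds SIDs from its own block and asks for another when it runs low, so two DCs never issue the same SID. The domain SID, first RID, block size and threshold are constructed, illustrative values.

```python
from collections import deque

DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed sample value


class RidMaster:
    """The one DC per domain that hands out blocks from the unallocated RID pool."""

    def __init__(self, first_rid=1000, block_size=500):  # illustrative values
        self.next_free = first_rid
        self.block_size = block_size

    def allocate_block(self):
        start = self.next_free
        self.next_free += self.block_size
        return range(start, start + self.block_size)


class DomainController:
    """A DC that builds SIDs from its local RID pool and refills it when low."""

    def __init__(self, name, master, threshold=100):  # illustrative threshold
        self.name, self.master, self.threshold = name, master, threshold
        self.pool = deque(master.allocate_block())
        self.requests = 1

    def create_principal(self):
        rid = self.pool.popleft()
        if len(self.pool) < self.threshold:  # pool is low: ask the RID master
            self.pool.extend(self.master.allocate_block())
            self.requests += 1
        return f"{DOMAIN_SID}-{rid}"


def split_sid(sid):
    """Split a domain account SID into (domain SID, RID)."""
    domain, _, rid = sid.rpartition("-")
    if not domain.startswith("S-1-5-21-") or not rid.isdigit():
        raise ValueError(f"not a domain account SID: {sid}")
    return domain, int(rid)


def simulate(per_dc=600):
    """Two DCs create principals in turn; return their SIDs and the actors."""
    master = RidMaster()
    dc1, dc2 = DomainController("DC1", master), DomainController("DC2", master)
    sids = []
    for _ in range(per_dc):
        sids.append(dc1.create_principal())
        sids.append(dc2.create_principal())
    return sids, dc1, dc2, master


if __name__ == "__main__":
    all_sids, first_dc, second_dc, rid_master = simulate()
    print(len(all_sids), "SIDs,", len(set(all_sids)), "unique")
    print("block requests:", first_dc.requests, second_dc.requests)
```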
PDC Emulator:
The PDC emulator is necessary to synchronize time in an enterprise. Windows 2000/2003 includes the W32Time (Windows Time) time service that is required by the Kerberos authentication protocol.
All Windows 2000/2003-based computers within an enterprise use a common time. The purpose of the time service is to ensure that the Windows Time service uses a hierarchical relationship that controls authority and does not permit loops to ensure appropriate common time usage.
The PDC emulator of a domain is authoritative for the domain. The PDC emulator at the root of the forest becomes authoritative for the enterprise, and should be configured to gather the time from an external source.
All PDC FSMO role holders follow the hierarchy of domains in the selection of their in-bound time partner. In a Windows 2000/2003 domain, the PDC emulator role holder retains the following functions:
Password changes performed by other DCs in the domain are replicated preferentially to the PDC emulator.
Authentication failures that occur at a given DC in a domain because of an incorrect password are forwarded to the PDC emulator before a bad password failure message is reported to the user.
Account lockout is processed on the PDC emulator.
Editing or creation of Group Policy Objects (GPO) is always done from the GPO copy found in the PDC Emulator’s SYSVOL share, unless configured not to do so by the administrator.
The PDC emulator performs all of the functionality that a Microsoft Windows NT 4.0 Server-based PDC or earlier PDC performs for Windows NT 4.0-based or earlier clients.
This part of the PDC emulator role becomes unnecessary when all workstations, member servers, and domain controllers that are running Windows NT 4.0 or earlier are all upgraded to Windows 2000/2003. The PDC emulator still performs the other functions as described in a Windows 2000/2003/2008 environment. At any one time, there can be only one domain controller acting as the PDC emulator master in each domain in the forest.

Tuesday, 26 August 2014

Active Directory Interview Question and Answers

>What is Active Directory? 
Active Directory is a metadata store. It is a database that stores data such as user information, computer information and other network object information. It has the capability to manage and administer the complete network connected to AD.
>What is domain? 
In Windows NT and Windows 2000, a domain is a set of network resources (applications, printers, and so forth) for a group of users. The user needs only to log in to the domain to gain access to the resources, which may be located on a number of different servers in the network. The ‘domain’ is simply your computer address, not to be confused with a URL. A domain address might look something like 211.170.469.
>What is domain controller? 
A Domain controller (DC) is a server that responds to security authentication requests (logging in, checking permissions, etc.) within the Windows Server domain. A domain is a concept introduced in Windows NT whereby a user may be granted access to a number of computer resources with the use of a single username and password combination.
>What is LDAP? 
Lightweight Directory Access Protocol (LDAP) is the industry-standard directory access protocol, making Active Directory widely accessible to management and query applications. Active Directory supports LDAPv3 and LDAPv2.
>What is KCC? 
The KCC (Knowledge Consistency Checker) is used to generate the replication topology for inter-site and intra-site replication. Within a site, replication traffic is carried by remote procedure calls over IP, while between sites it is carried by either RPC or SMTP.
>Where is the AD database held? What other folders are related to AD?
The AD database is stored in c:\windows\ntds\NTDS.DIT.
>What is the SYSVOL folder?
The SYSVOL folder stores the server’s copy of the domain’s public files. The contents of the SYSVOL folder, such as group policy, users, etc., are replicated to all domain controllers in the domain.
>Where are the Windows NT Primary Domain Controller (PDC) and its Backup Domain Controller (BDC) in Server 2003? 
The Active Directory replaces them. Now all domain controllers share a multi master peer-to-peer read and write relationship that hosts copies of the Active Directory.
>Cannot create a new universal user group. Why?
Universal groups are allowed only in native-mode Windows Server 2003 environments. Native mode requires that all domain controllers be promoted to Windows Server 2003 Active Directory.
>What is LSDOU?
It’s the group policy inheritance model, where the policies are applied to Local machines, Sites, Domains and Organizational Units.
>Why doesn’t LSDOU work under Windows NT? 
If the NTConfig.pol file exists, it has the highest priority among the numerous policies.
>How many unsuccessful logons are permitted on the Administrator account?
Unlimited. Remember, though, that it’s the Administrator account, not any account that’s part of the Administrators group.
>What’s the difference between guest accounts in Server 2003 and other editions?
More restrictive in Windows Server 2003.
>How many passwords by default are remembered when you check “Enforce Password History Remembered”?
User’s last 6 passwords.
>Can the GC server and the Infrastructure master be placed on a single server?
No, as the Infrastructure master does the same job as the GC. They do not work together.
>Which service in Windows is responsible for replication from one domain controller to another?
KCC generates the replication topology.
Use SMTP / RPC to replicate changes.