Return to Start Page

• Starting and Stopping ILS
  • Manually Starting LDAP and WWW Services
  • Manually Stopping LDAP and WWW Services
  • Manually Enable or Disable the ILS Service
  • Starting and Stopping Multiple ILS Servers
• Administering Security and Access
  • Setting ILS Security Options
  • Granting or Denying Access to the LDAP Service
  • Controlling Access with Authentication
  • Using Secure Socket Layer (SSL) Support for ILS
• Configuring ILS Options
  • Managing ILS Database Entries Using the ILS Web Pages
  • Setting ILS Parameters Using ISM and Inetcfg
  • Configuring Internet Locator Server Using ISM
  • Configuring Internet Locator Server Using Inetcfg
• Maintaining Data and Logs
  • Maintaining and Viewing ILS Transaction Logs
  • Maintaining and Viewing Windows NT Event Logs
  • Modifying Log Settings

Performing Maintenance Tasks

Maintenance involves preserving the links and processing within and between servers. This section provides procedures for maintaining ILS, including startup and shutdown, accounts administration, configuring with administrative tools, log-file maintenance, and backup. Use these procedures to keep ILS running and available to clients.

iiiiiiiii

Starting and Stopping ILS

iiiiiiiiiiiiAlthough ILS services are configured to start automatically when you turn on the computer, they can be manually stopped and restarted. However, while ILS is operating, stopping and restarting the service must be done carefully so that connected users are not affected.

Starting and stopping ILS involves the following services:

• WWW Service Starting and stopping the HTTP protocol affects access for Web browser clients. To provide Web access to ILS, the IIS WWW service must be running. If you stop IIS WWW, only the Web clients using the HTTP protocol are affected. For information about starting and stopping IIS services, see the IIS documentation.

Note   The WWW service must be running to support Intel Internet Phone clients.

• LDAP Service Starting and stopping the LDAP service affects access for third-party LDAP- customers. When the LDAP service is running, it listens on the standard LDAP port (389). Stopping the LDAP services removes the listening agent from the LDAP port and disables directory services for these clients.
• ILS Service Enabling or disabling ILS affects access to the dynamic database directory stored in memory. ILS must be running for users to have access to information in the ILS database.

Starting and stopping the ILS involves the following tasks:

• Manually starting LDAP and WWW services
• Manually stopping LDAP and WWW services
• Manually enabling or disabling the ILS service
• Starting and stopping multiple ILS servers

The following are procedures for each task.

Manually Starting LDAP and WWW Services

With this procedure you can start the ILS service through Internet Service Manager (ISM) either on a local or remote computer.

To manually start the LDAP and WWW services using ISM

1. Start Internet Service Manager.
2. Find the LDAP service and click the computer name next to it. The listed computer name should match the name of the computer on which you are starting ILS.
3. Click the Start Service button.
4. Find the WWW service and click the computer name next to it. The listed computer name should match the name of the computer on which you are starting ILS.
5. Click the Start Service button.

To manually start the LDAP and WWW services from the command line

• At the command prompt on the computer on which you want to run the LDAP service, type the following:

Net start ldapsvc

Net start w3svc

Note   You must start the LDAP service before using the ILS server component.

Manually Stopping LDAP and WWW Services

With this procedure you can manually stop the LDAP and WWW services.

To manually stop the LDAP and WWW services using ISM

1. Start Internet Service Manager.
2. Find the LDAP service and click the computer name next to it. The listed computer name should match the name of the computer on which you are stopping ILS.
3. Click the Stop Service button.
4. Find the WWW service and click the computer name next to it. The listed computer name should match the name of the computer on which you are stopping ILS.
5. Click the Stop Service button.

You can stop ILS from the command line by using these instructions:

To manually stop the LDAP and WWW services from the command line

• At the command prompt on the computer on which you want to stop the LDAP and WWW services, type the following:

Net stop ldapsvc

Net stop w3svc

iiii

Manually Enable or Disable the ILS Service

With these procedures you can manually start or stop the ILS service.

To manually start or stop ILS using ISM

1. Start Internet Service Manager.
2. Find the LDAP service, and then click the computer name next to it. On the Properties menu, click Service Properties.
3. Click the ILS Server tab.
4. To start the ILS service, select the Enable ILS Server check box. To stop the ILS service, clear the check box.

To manually start or stop ILS using inetcfg

• At the command prompt, type

inetcfg LDAP Set_ILS_Settings ClientTTL EnableULS {0 | 1} MaxUsers [ServerName]

Example

inetcfg LDAP Set_ILS_Settings 60 1 1024 server01

The example sets the ILS time-to-live default to 60 minutes, enables ULS, sets the maximum number of registered users to 1,024, and establishes itself on the server01 server.

Note   For the settings to take effect, the LDAP service must be stopped and restarted.

iiii

Starting and Stopping Multiple ILS Servers

From one ISM station, you can control IIS on any other computer on the LAN. To do this, you must have administrator privileges on the computers that are hosting the services you want to start or stop.

To start or stop multiple servers using ISM

1. Start Internet Service Manager.
2. Click the Find All Servers button.
3. Click the names of the servers that are hosting the services you want to start or stop. In order to start or stop these services, you must have administrator privileges on each server.
4. Click Start Service or Stop Service.

iiiiiiii

Administering Security and Access

iiiiiAs with other Microsoft Internet services, ILS relies heavily on the security and access control features built into Microsoft Windows NT Server and IIS. This section describes an approach to managing the accounts, permissions, access rights, domains, and other security-related issues for ILS.

To control access to the ILS database, you will need to set up administrator rights as well as specify which users and computers can access the ILS directory information. To do this, you can use Internet Service Manager and Windows NT Server User Manager. You may want to control access to ILS by way of the HTTP or LDAP interface using an authentication provider. i

The ILS service also supports secure communication via the Secure Sockets Layer (SSL) protocol. Installing a certificate for ILS enables SSL for LDAP communication to the ILS server. The SSL port number is 636. For more information about SSL support, see the IIS documentation.

Administering security and access involves the following tasks:

• Setting ILS security options
• Granting or denying access to the LDAP service
• Controlling access with authentication
• Setting up SSL support for ILS

Following are procedures for these tasks.

iiiiii

Setting ILS Security Options

With this procedure you can specify the authentication necessary for clients to use ILS. You can also set security options by using ISM.

To set ILS security options using ISM

1. Start Internet Service Manager.
2. Find the LDAP service, and then click the computer name next to it. On the Properties menu, click Service Properties.
3. Click the Service tab.
4. In the Password Authentication group, set the authentication options that are appropriate for your server, as follows.
   • To allow all clients to access your directory information, select Anonymous Authentication. Anonymous users are mapped onto the Windows NT privileges of the user name that you supply in the Anonymous Logon control group.
   • To require ILS users to have certain Windows NT privileges, select Windows NT Challenge/Response authentication. To specify which privileges are required, use Windows NT User Manager.

Note   The Basic (No Encryption) item is provided with the overall LDAP service, but does not govern settings in ILS-only installations.

i

Granting or Denying Access to the LDAP Service

With this procedure a client computer can be granted or denied access based on its IP address. You can also configure computer access control by using ISM.

To grant or deny access to the LDAP Service

1. In ISM, select LDAP.
2. On the Properties menu, click Service Properties.
3. Click the Advanced tab.
4. To set the default to allows access to all users, click Granted Access. To set the default to prevent access to all users, click Denied Access.
5. To grant or deny access to specific users, click Add, Edit, or Remove, and follow the steps as applicable for the operation.

iii

Controlling Access with Authentication

Authentication provides facilities to register new users, authenticate existing users, authorize access to areas of the service on a controlled basis, and generate billing events for processing by an external billing engine. Using a system of authentication allows an account to maintain a single user ID/password identity across all services and enables use of standard system services for controlling, auditing, and managing content rights.

ii

Using Secure Socket Layer (SSL) Support for ILS

ILS supports LDAP SSL through port 636. Any SSL configured client can open an SSL connection to the ILS server through this port. After you install ILS, you can use Microsoft Internet Service Key Manager to create a new key and add a certificate for SSL. After you create the new key, submit it to your certification authority. When you receive a valid key certificate, you then import into Key Manager to associates it with the key you created earlier.

For information about using Key Manager, see the documentation for Microsoft Internet Service Manager. For more information about SSL, see the documentation for Microsoft Internet Information Server version 3.0.

iiiiiiiii

Configuring ILS Options

Configuring ILS involves setting and updating the partitions and partition sources. ILS includes two administration tools:

• ISM LDAP Service Properties pages, which you can use to administer ILS just as you would any other Windows Internet service.
• The inetcfg command line tool, which you use by typing commands at the command prompt. Some ILS administrative functions are available only from ISM.

To run ISM LDAP Service Properties

1. Open Internet Service Manager.
2. Make sure that the service is running, and then double-click the LDAP Service item.

For a complete description of the fields on the ISM LDAP Service Properties pages, see Chapter 4 in the Internet Locator Server Operations Reference.i

To run Inetcfg

• At the command prompt, type the inetcfg command in the following form:
  inetcfg LDAP CommandName Settings
  
  where CommandName is the operation that inetcfg will initiate and Settings represents the parameters to use for the specified operation. The following sections contain descriptions of each command and the valid parameters that can be specified.

Note   For a list of all the commands relevant to ILS, type inetcfg LDAP at the command prompt.

All ILS inetcfg commands use the same general syntax. For a complete description of the inetcfg command line tool for ILS, see Chapter 4 in the Internet Locator Server Operations Reference.

Configuring ILS involves the following tasks:

• Setting ILS connection parameters
• Setting query result parameters
• Configuring Internet Locator Server
• Adding, viewing, modifying, and deleting ILS database entries

The following sections contain procedures for accomplishing each task.

iiiiii

Managing ILS Database Entries Using the ILS Web Pages

Web pages can be built to add, modify, and delete entries online. For information about using Web pages to manage ILS database entries, see the Internet Locator Server Web Page Author’s Guide.

iiii

Setting ILS Parameters Using ISM and Inetcfg

If you expect a high volume of traffic coming through your ILS server, you should set a higher value for the maximum number of connections from clients.

This setting represents the maximum number of connections from all sources to the ILS server. You can set the Maximum Connections option on the Service tab for LDAP Service Properties in ISM and using inetcfg.

To set ILS connection parameters using ISM

1. Click the Service tab on the LDAP Service Properties page.
2. Set the Maximum Connections value, which specifies the number of concurrent connections that ILS can handle.
3. Restart the service for changes to take effect.

To set ILS connection parameters using Inetcfg

• At the command prompt, type

inetcfg LDAP Set_ILS_Settings ClientTTL EnableULS {0 | 1} MaxUsers [ServerName]

Example

inetcfg LDAP Set_ILS_Settings 60 1 1024 server01

The example sets the ILS time-to-live default to 60 minutes, enables ULS, sets the maximum number of registered users to 1,024, and establishes itself on the server01 server.

iiiii

Configuring Internet Locator Server Using ISM

Internet Locator Server gives users the ability to store real-time information about themselves (for example, their current IP address) in a dynamic directory. Other users can then use this information to make direct connections over the Internet. ILS can be administered from ISM or inetcfg.

Note   The LDAP service must already be running for Microsoft NetMeeting or Intel Internet Phone clients to connect to the ILS server.

To configure Internet Locator Server using ISM

1. Click the ILS Server tab.
2. Enable or disable ILS by checking or clearing the Enable ILS Server box.
3. Click Client Time to Live (TTL). The TTL selected applies to all new entries created in the ILS database. It specifies how long ILS should wait between client refreshes before purging the database of the client’s entry. When clients register with the ILS server, they are told how often they should refresh their entries.
4. Set the Maximum Registered Users value, which specifies the maximum number of ILS entries that the ILS database can hold at one time.
5. When you have made all of your changes to ILS, click OK to return to the Internet Service Manager window.
6. Stop and restart the LDAP service to activate the new parameters.

Configuring Internet Locator Server Using Inetcfg

Use the following procedures to configure ILS using inetcfg.

To enable or disable ILS

• At the command prompt, type the inetcfg command in the following form:

inetcfg LDAP Enable_ILS_Server EnableILS {0 | 1} [ServerName]

Example

inetcfg LDAP Enable_ILS_Server 1

The example enables the ILS server.

To specify ILS refresh intervals (TTL) or the maximum registered users

• At the command prompt, type the inetcfg command in the following form:

inetcfg LDAP Set_ILS_Settings ClientTTL Enable ULS {0 | 1} MaxUsers [ServerName]

Example

inetcfg LDAP Set_ILS_Settings 60 1 1024 server01

The example sets the ILS time-to-live default to 60 minutes, enables ULS, sets the maximum number of registered users to 1,024, and establishes itself on the server01 server.

Note   If you change MaxUsers, you must restart the ILS service for changes to take effect.

To view the current ILS settings

• At the command prompt, type the inetcfg command in the following form:

inetcfg LDAP Get_ILS_Settings [ServerName]

ServerName is the name of the server to process the command. If you do not specify a server name, the command is processed by the current server.

Example

inetcfg LDAP Get_ILS_Settings server01

The example retrieves and displays the ILS settings on the server01 server.

iiiiiiii

Maintaining Data and Logs

Maintaining data and logs involves servicing the output mechanisms of ILS. The output provides an audit record of ILS processes, in the form of transaction logs and data files.

ILS can be configured to generate entries in a log file or database when significant events occur. There are two types of log files:

• A transaction log is maintained by ILS directly and can be set up as a file or a database. ILS creates an entry in this log each time a client transaction occurs. For example, ILS will log each creation or deletion of an ILS entry. The parameters for this logging process can be set from the command line, ISM, or the Web, as described in earlier sections. For samples of the activity generated by a transaction log, see Chapter 5 in the Internet Locator Server Operations Reference.
• A Windows NT event log reports service errors that can occur while the ILS service is in operation. ILS sends messages detailing significant events to the Windows NT event framework, where you can view them using Windows NT Event Viewer. For more information about ILS Windows NT events, see Chapter 2 in the Internet Locator Server Operations Reference.

Because the transaction logs occupy disk space, you must occasionally remove the transaction logs. If you want to save the data in the logs, copy the files to an archival location. Then delete the log files. To minimize disk space taken up by transaction logs, turn on logging only when you need it.

You can use the ISM, Web-based, or inetcfg administration tools to configure the ILS transaction log settings. This process is described in "ISM Admin Tool" in Chapter 4 of the Internet Locator Server Operations Reference.

Log-file and data-file maintenance involves the following tasks:

• Maintaining and viewing ILS transaction logs
• Maintaining and viewing Windows NT event logs

Following are procedures for these tasks.

iiii

Maintaining and Viewing ILS Transaction Logs

ILS can create a log entry for every directory transaction that it processes. You can have ILS create new log files on a daily, weekly, or monthly basis, or whenever the file size grows beyond a certain point. You can have ILS create log entries in a file or an ODBC database.

When ILS is set up to log transactions to files, the file names represent the date on which the log was created. For example, a log file created on July 27, 1996 would be named Jn960727.log.

Note   You can use any text editor to view the ILS transaction logs.

Maintaining and Viewing Windows NT Event Logs

iILS creates Windows NT event log entries when significant events occur. You can use Windows NT Event Viewer application to view these event logs. Transaction logs coupled with Windows NT event logs are the primary methods for monitoring the health of the ILS system.i

To view Windows NT event logs

1. Open Windows NT Event Viewer.
2. To view the system log, click System on the Log menu. ILS-generated events carry a designation of LDAPSVC or MSIABS in the Source column.
3. For more information about a specific log entry, double-click it.

iiiiiiiii

Modifying Log Settings

ILS can record significant event notifications in a system file or an SQL database. The SQL Server must be prepared to receive the log entries. For information about setting up SQL to receive ILS log entries, see the SQL documentation. Log settings can be controlled from ISM.

To modify log settings using ISM

1. Click the Logging tab.
2. To turn logging on or off, select or clear the Enable Logging box.
3. Specify Log to File or Log to SQL/ODBC Database.
4. If Log to File is selected, specify the log file directory and logging schedule using the controls associated with Log to File.
   -or-
   If Log to SQL/ODBC database is selected, fill in the following fields:

Return to Start Page

© 1996-1997 Microsoft Corporation. All rights reserved.