List of registry keys affecting IIS7 behavior

Few months ago, I fired procmon and collected all the registry keys IIS7 processes read. I then gathered the information about these registry keys from different people in the team and also collected available information on the internet. I have been sitting on this information for quite a while hoping to make it complete and finally I got enough time during this holiday period to finish this. Below is what all I could gather. Keys affecting FTP/FTP7 and Asp.Net are not included in this article. There are few IIS7 keys omitted from this list either because I couldn’t think of why people would like to change it or because we don’t want to people to modify those. If you see any information missing or incorrect as per your knowledge, please send me a message.

Common (keys read by many parts of IIS)

1. HKLM\SOFTWARE\Microsoft\InetStp\Configuration\MaxWebConfigFileSizeInKB (REG_DWORD)
Nativerd.dll uses the value of this registry key to determine the maximum allowed size (in KB) of web.config files. Configuration system will produce error “Cannot read configuration file because it exceeds the maximum file size” if it encounters a web.config larger than this size. Configuration system assumes a default value of 250 (100 in Vista RTM). Changing the value of this key will require a process restart.

2. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\LastPriorityUPNLogon (REG_DWORD)
This registry key switches the order in which IIS processes try to do a user logon.  Default value is 0 (false) which means UPN logon is not last priority. IIS uses the UPN format first and then the “domain” and username” fields.  Setting this key to non-zero switches it so that IIS uses domain and username first and then the UPN logon.

3. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\UserTokenTTL (REG_DWORD)
This key controls how long IIS will cache a user token before releasing it and recreating it (as needed). Default value is 900 (seconds). This key is used by token cache module in worker process and also by WAS. Read more about it here.

WAS

4. HKLM\System\CurrentControlSet\Services\WAS\Parameters\ConfigIsolationEnabled (REG_DWORD)
Default value of this key is 1 (configuration isolation enabled). Setting this registry to key to 0 will disable configuration isolation and worker process will try to read applicationHost.config directly. Any value other than 0 or 1 is assumed as default value. If you disable configuration isolation, you might need to change ACLs of %windir%\system32\inetsrv\config folder to grant worker process read access to applicationHost.config. As configuration isolation feature is not available in Vista RTM, this key is not valid on it.

5. HKLM\System\CurrentControlSet\Services\WAS\Parameters\ConfigIsolationPath (REG_SZ)
This regkey dictates the folder path where temp apppool config files are created by WAS. Default value of this key is %systemdrive%\inetput\temp\apppools. If you change this location make sure that LocalSystem has full access to the folder. This is not valid on vista RTM as the configuration isolation feature is not available.

6. HKLM\System\CurrentControlSet\Services\WAS\Parameters\AlwaysLogEvents (REG_DWORD)
If WAS detects an invalid object for some reason, it doesn’t allow object to log errors.  This registry switch allows users to see these errors. Default is 0 which means WAS won’t log events. Any non-zero value enables logging.

7. HKLM\System\CurrentControlSet\Services\WAS\Parameters\UseSharedWPDesktop (REG_DWORD)
Read about it here.

IISADMIN

8. HKLM\System\CurrentControlSet\Services\IISADMIN\Parameters\EnableABOMapperLog (REG_DWORD)
This registry key can be used to enable ABOMapper logging. When set to 0 (default value), ABOMapper doesn’t log any information. When set to non-zero value, a log is created as %windir%\system32\abomapper.log and ABO will spew debug information in this file. You need to restart iisadmin after you change this key. http://support.microsoft.com/kb/931208 has more information about it.

9. HKLM\System\CurrentControlSet\Services\IISADMIN\Parameters\LazyWriteTime (REG_DWORD)
This registry key can be used to make ABOMapper buffer the configuration changes for sometime before it commits the changes to disk. Default value of this registry key is 0 which means lazy writer is OFF by default. Setting this key to value greater than 0 turns on Lazywriter with the lazy write time equal to the time set in the registry (interpreted as number of milliseconds).

W3WP

10. HKLM\System\CurrentControlSet\Services\W3SVC\Parameters\ConfigPollMilliSeconds (REG_DWORD) (not there in vista rtm)
Default value of this key is 0 (disabled) which means configuration system will rely on change notifications for tracking changes to configuration files. Positive value of this key means configuration system will check configuration file last modified time every N milliseconds to find changes to configuration files and will not use directory monitors.

11. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\ObjectCacheTTL (REG_DWORD)
This regKey is used by both user mode file cache and kernel mode output cache. Both these caches run a scavenger every ObjectCacheTTL seconds. Read more about it here.

12. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\DisableMemoryCache (REG_DWORD)
When this regKey value is set to non-zero, file cache is disabled. By default value of this key is assumed to be 0 and file cache is enabled. Read about it here.

13. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\MaxCachedFileSize (REG_DWORD)
This regKey is used by file cache to determine maximum size (in bytes) of file which can be cached. Any file of size greater than this value is not cached. Default value of this key is 256KB. Read more about it here.

14. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\MaxCachedFileSizeInMB (REG_DWORD)
MaxCachedFileSize which is the max size in bytes cannot be set to greater than 4GB. You can use MaxCachedFileSizeInMB instead to set max file size to cache greater than 4GB. If both MaxCachedFileSizeInMB and MaxCachedFileSize is defined, effective max cached file size is sum of both these values. As default value of MaxCachedFileSize is 256KB, defining only this regKey will increase effective max size by 256KB. Default value of this regKey is 0.

15. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\MemCacheSize (REG_DWORD)
This regKey dictates maximum amount of memory which will be used by file cache in a worker process. Default value of this regKey is 0 which means cache size is determined dynamically by looking at available physical memory and total virtual memory. When set to 0, value is adjusted every ObjectCacheTTL seconds. Read about it here.

16. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\MaxOpenFiles (REG_DWORD)
File cache caches a maximum of MaxOpenFiles number of files. Default value is 0 which means no limit.

17. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\DoDirMonitoringForUnc (REG_DWORD)
By default file cache doesn’t use change notifications for UNC files. Setting this regKey to 1 enables directory monitoring for UNC paths. Read more here.

18. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\FileAttributeCheckThreshold (REG_DWORD)
File cache checks last modified time of UNC files every FileAttributeCheckThreshold seconds to detect file changes. Default value of this key is 5 (seconds). Read about it here. User mode and kernel mode output caches also uses this key to determine how long output of files which have virtual file mapping (handler configured with resourceType=Unspecified) should stay in response cache.

19. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\FlushTokenCache (REG_DWORD)
Token cache module registers for a change notification for this key and as soon as this is set to 1, it flushes the token cache. You should set this back to 0 after changing to 1. Read more about it here.

20. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\HttpResponseCacheTTL (REG_DWORD)
This regKey defines http.sys response cache TTL whose default value is 900 (seconds).

21. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\OutputCacheTTL (REG_DWORD)
User mode output cache uses value of this regKey as TTL. Default is 30 (seconds). A scavenger is run every TTL seconds to remove content from the cache as needed.

22. HKLM\System\CurrentControlSet\Services\W3SVC\Parameters\EnableTraceMethod (REG_DWORD)
This regKey is read by protocol support module (protsup.dll). Trace verb is enabled only if this registry key is set to a non-zero value. If this key is not set or is set to 0, trace requests are returned as 404. Read more here.

23. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\DigestPartialContextCacheTTL (REG_DWORD)
First time when client connects to a site that requires digest authentication, it will receive an initial challenge. This initial challenge is based on the partial security context which needs to be kept around for the client to be able to finish the digest auth handshake. DigestPartialContextCacheTTL regKey allows you to set the timeout value which controls how long IIS should keep partial contexts around. Read more about it here.

24. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\DigestContextCacheTTL (REG_DWORD)
After successful digest auth handshake full security context can be kept around but eventually upon inactivity full security contexts have to be flushed. DigestContextCacheTTL controls how long full security contexts should be stored. Read more here.

25. HKLM\System\CurrentControlSet\Services\W3SVC\Parameters\DontFlushCachedIsapiResponses (REG_DWORD)
Default value of this key is false. When set to non-zero, ISAPI module calls SetKernelInvalidatorSet. Read about it here.

26. HKLM\System\CurrentControlSet\Services\W3SVC\Parameters\ForwardServerEnvironmentBlock (REG_DWORD)
CGI handler uses this key to determine if it should forward all the environment variables defined in the worker process are to CGI process or not. Default is true. Setting this regKey to 0 will make CGI handler to not forward environment block to CGI.

27. HKLM\System\CurrentControlSet\Services\W3SVC\Parameters\MaxConcurrentCgisExecuting (REG_DWORD)
This key is used by CGI handler to determine maximum number of CGIs that can execute concurrently. Default value of this is 256. Read more about it here.

28. HKLM\System\CurrentControlSet\Services\W3SVC\Parameters\DoNotKillCgiOnRequestEnd (REG_DWORD)
Default value is false. You can set it to true to tell CGI handler to not kill the processes on request end.

ASP

Registry keys listed below are used by ASP ISAPI. Details on all these regKeys can be found here.

29. HKLM\System\CurrentControlSet\Services\ASP\Parameters\F5AttackDetectionEnabled (REG_DWORD)
30. HKLM\System\CurrentControlSet\Services\ASP\Parameters\HangDetRequestThreshold (REG_DWORD)
31. HKLM\System\CurrentControlSet\Services\ASP\Parameters\HangDetThreadHungThreshold (REG_DWORD)
32. HKLM\System\CurrentControlSet\Services\ASP\Parameters\HangDetConsecIllStatesThreshold (REG_DWORD)
33. HKLM\System\CurrentControlSet\Services\ASP\Parameters\HangDetEnabled (REG_DWORD)
34. HKLM\System\CurrentControlSet\Services\ASP\Parameters\EnableChangeNotificationForUNC (REG_DWORD)
35. HKLM\System\CurrentControlSet\Services\ASP\Parameters\FileMonitoringEnabled (REG_DWORD)
36. HKLM\System\CurrentControlSet\Services\ASP\Parameters\FileMonitoringTimeoutSeconds (REG_DWORD)
37. HKLM\System\CurrentControlSet\Services\ASP\Parameters\MaxCSR (REG_DWORD)
38. HKLM\System\CurrentControlSet\Services\ASP\Parameters\MaxCPU (REG_DWORD)
39. HKLM\System\CurrentControlSet\Services\ASP\Parameters\DisableOOMRecycle (REG_DWORD)
40. HKLM\System\CurrentControlSet\Services\ASP\Parameters\DisableLazyContentPropagation (REG_DWORD)
41. HKLM\System\CurrentControlSet\Services\ASP\Parameters\ThreadMax (REG_DWORD)
42. HKLM\System\CurrentControlSet\Services\ASP\Parameters\DisableComPlusCpuMetric (REG_DWORD)
43. HKLM\System\CurrentControlSet\Services\ASP\Parameters\AspMaxResponseHeaderLength (REG_DWORD)
44. HKLM\System\CurrentControlSet\Services\ASP\Parameters\AspMaxPropertyStringLength (REG_DWORD)
45. HKLM\System\CurrentControlSet\Services\ASP\Parameters\DisableCachedResponseOnUNCAccessFailure (REG_DWORD)

46. HKLM\System\CurrentControlSet\Services\ASP\Parameters\DisableCertificateBlobAsArray (REG_DWORD)
Certificates Blob can be returned as an Array. But some programs dont want them as a Array. Disable this for then. Read more here.

IIS Manager and WMSVC

47. HKLM\Software\Microsoft\Inetmgr\Parameters\IncrementalSiteIDCreation (REG_DWORD)
Default value is 0 which means incremental site id is not enabled. You can set this key to 1 to enable it. This key is read by inetmgr.exe every time a site is created. So you don’t need to restart inetmgr.exe after changing this key. Read more here.

Following registry keys are used to store settings required by WMSvc for remote management. Changes to these keys require WMSvc restart. You should use IIS7 UI to change these settings whenever possible. Some more information about these is available here here.

48. HKLM\SOFTWARE\Microsoft\WebManagement\Server\IPAddress (REG_SZ)
Default value of this regKey is * which means all unassigned IP addresses.

49. HKLM\SOFTWARE\Microsoft\WebManagement\Server\Port (REG_DWORD)
If this key is not defined, port is assumed as 8172.

50. HKLM\SOFTWARE\Microsoft\WebManagement\Server\RequiresWindowsCredentials (REG_DWORD)
Default value of this key is 0 which means both windows and IIS manager users can be used. When set to 1 only windows users are allowed.

51. HKLM\SOFTWARE\Microsoft\WebManagement\Server\EnableLogging (REG_DWORD)
Default value is 1 which means logging is enabled. Setting this key to 0 will disable WMSvc logging.

52. HKLM\SOFTWARE\Microsoft\WebManagement\Server\LoggingDirectory (REG_SZ)
Value of this key is used as the log location whose default is %systemdrive%\inetpub\logs\wmsvc.

53. HKLM\SOFTWARE\Microsoft\WebManagement\Server\EnableRemoteManagement (REG_DWORD)
Default value is 0 which means remote management is disabled. When this key is set to 1 remote management is enabled.

54. HKLM\SOFTWARE\Microsoft\WebManagement\Server\RemoteRestrictions (REG_SZ)
55. HKLM\SOFTWARE\Microsoft\WebManagement\Server\SslCertificateHash (REG_BINARY)
56. HKLM\SOFTWARE\Microsoft\WebManagement\Server\SelfSignedSslCertificateHash (REG_BINARY)

W3TP (Keys affecting thread pool manager used by WAS and worker process)

57. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\MaxPoolThreads (REG_DWORD)
These is soft limit on maximum number of threads which will be used and is adjusted dynamically. By default its value is 20 * number of processors. Read more here.

58. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\PoolThreadLimit (REG_DWORD)
This is the absolute maximum thread count. Min = 64, Max = 256. Default value is calculated based on available physical memory. Read more here.

59. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\ThreadTimeout (REG_DWORD)
Default is 1800 (seconds). Read about it here.

60. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\ThreadPoolStartupThreadCount (REG_DWORD)
Number of threads to start on startup. Default is 4 if number of processors is less than 4 or equal to number of processors. Less than 1 is interpreted as 1.

61. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\ThreadPoolMaxCPU (REG_DWORD)
If CPU usage is more than this value, new threads are not created. Default is 95. Read about it here.

62. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\ThreadPoolStartDelay (REG_DWORD)
Default is 1 sec. Read more here.

63. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\ThreadPoolExactThreadCount (REG_DWORD)
Default is 0 which means not set. If set initial thread count is set to this value and thread count is not changed dynamically.

64. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\MaxConcurrency (REG_DWORD)
This key dictates number of threads allowed to concurrently process I/O. Default value is 0 which means the system allows as many concurrently running threads as there are processors in the system. Read more here.

Hope this helps.


-Kanwal-

Ins & Outs of hostable web core

I started writing an application which uses hostable web core (HWC) functionality of IIS7 and before making it available for download I thought it will be useful to write about HWC in detail. Hostable web core enables processes other than w3wp.exe to load IIS core and do almost everything that a worker process can do. One of these “hostable” solutions is the new IIS7 UI tool.  It needs to be able to change the configuration of IIS without affecting itself.  So the tool needs to run independent of IIS and HWC gives it exactly that. I have also used it before to find native modules registration information (check it out here).

Introduction

HWC allows you to host IIS core in your own process and serve http requests. It allows you to operate using your own applicationHost.config and root web.config files and doesn’t require you to be dependent on applicationHost.config or root web.config which IIS uses. When you use HWC to serve http requests, you get the full power of IIS including SSL, compression, authentication etc. As you host the IIS core in your own process, WAS (windows activation service) doesn’t control this instance of IIS and you don’t get process model support. With this, you also don’t get support for RSCA and non-http protocols. IIS performance counters doesn’t count requests to this instance as well. Application pool identity is always host process identity and not the one configured in your appHostConfig but credentials configured for accessing virtual directories are still used. Pass-through authentication, tracing, logging works as expected. There is no support provided for you to pre-reserve the URLs with http.sys. You can pre-reserve the URL’s that the application will be wanting to use using “netsh http add urlacl” and also configure HTTP.sys SSL using “netsh http add sslcert” if needed.

To use HWC in an application, all you need to need to do is call WebcoreActivate exposed from %windir%\system32\inetsrv\hwebcore.dll. You can refer to my previous blog for reference to how to call in native code. For calling from managed code, following class might be useful.

class HWCInterop
{
    [DllImport(@"%windir%\system32\inetsrv\hwebcore.dll")]
    public static extern int WebCoreActivate(
        [In, MarshalAs(UnmanagedType.LPWStr)]
        string appHostConfigPath,     // Required
        [In, MarshalAs(UnmanagedType.LPWStr)]
        string rootWebConfigPath,    // Optional
        [In, MarshalAs(UnmanagedType.LPWStr)]
        string instanceName);             // Required

   
[DllImport(@"%windir%\system32\inetsrv\hwebcore.dll")]
    public static extern int WebCoreShutdown(
        bool immediate);
}

WebcoreActivate


WebcoreActivate need to be called to load the IIS core in your process and activate the runtime. You need to pass full path to configuration file which will act as replacement of applicationHost.config, an optional replacement of root web.config and an instance name which will be used in event logs. As this instance of web core has its own applicationHost.config, global parameters values including list of global modules, isapiFilters etc can be different from what is configured for worker processes. WebcoreActivate does input validation and in turn calls HostedW3SVCStart in iisw3adm.dll which in turn loads all the dependent dll’s for the IIS core as well as configure http.sys.  Method returns successfully when HWC is successfully able to create the request queue in HTTP.sys and is ready to receive requests.

Each instance of HWC requires its own applicationHost.config file which must conform to following restrictions.
  è Your process will act as the worker process. As there is only one process involved, appHostConfigPath can have only 1 application pool definition.
  è IIS uses application pool name as the request queue name in HTTP.sys. So application pool name in configuration should be unique. Else application which registers the request queue name first will only succeed.
  è You need at least 1 website defined in the configuration. Lack of any site being defined will produce an error on activation.
  è The site binding should not conflict with other site bindings which you might have on the system else IIS core will get an error from http.sys which will appear as a failed call to WebcoreActivate.
  è All applications configured must be configured to use the one application pool defined.

If you see that this method is failing, following list might be helpful to find the error.

  o   If appHostConfigPath has multiple application pools defined in it, this method will fail with error 0x80070038.
  o   If site binding is not unique and http.sys fails to reserve URL for you or application pool name is already registered with http.sys, WebcoreActivate will fail with error 0x800700B7.
  o   If configuration file passed has no sites configured, method will fail with error 0x80070015.
  o   If configuration has only one application pool but applications configured use other application pools as well, a warning is generated that application is ignored and method fails with error 0x80070044.
  o   All configuration system checks are still valid. So invalid xml in configuration or duplicate site ids will produce 0x8007000D.
  o   Invalid appHostConfigPath (blank or null), invalid instance name (blank or null or consisting of space/tabs) fail with error 0x80070057 (ERROR_INVALID_PARAMETER).
  o   If method is called multiple times and method detects that web core is already loaded, method will fail with erro 0x80070420 (ERROR_SERVICE_ALREADY_RUNNING).
  o   If appHostConfigPath is not valid, method will return 0x80070490.

WebcoreShutdown

When ready to shutdown, call WebcoreShutdown which in turn calls HostedW3SVCStop in iisw3adm.dll. You can choose to do an immediate shutdown which closes the application pool disconnecting all the clients immediately or do a gentle shutdown which marks application pool as stopped but does complete requests in flight. Regardless of the type of shutdown, shutdown always allow the requests in the worker process to complete. If called when service is not even running (WebcoreActivate was never called or it failed), method fails with error code 0x80070426 (ERROR_SERVICE_NOT_ACTIVE).

I hope that now you feel much more confident while using this feature of IIS7.

-Kanwal-