U-Tools: Unique Tools for Windows System Administrators
U-Move Help

Must Copy Internet Information Services

The Internet Information Services (IIS) security database must be copied in order for IIS to run correctly.

Internet Information Services (IIS) provides web services on Windows. A key part of IIS is its security database, sometimes called the “metabase”. The security database contains a list of security settings for IIS.

Some parts of the security database are encrypted. The encryption key is tied to Active Directory. The IIS metabase must have a matching encryption key. If the encryption key does not match, the IISAdmin service will fail to start and will report the error message “Access Denied”. Therefore whenever you clone AD (and you intend to run IIS on the destination computer) you must always copy the IIS metabase.

How To Fix This Error

The only time you can skip moving the IIS security database is when the encryption key is unchanged. (For example, when restoring AD on the same computer or when moving AD to the destination computer a second time.)

The procedure to fix this error depends on whether or not the source computer had IIS installed. (See below.)

Procedure 1: The source computer did not have IIS installed

If the source computer did not have IIS installed, there is no encryption key to copy. In this case you must uninstall IIS from the destination computer. (You can re-install it later.) Use the following procedure.

To uninstall IIS on Windows Server 2012-2016:

  1. Hold down the Windows Key and press X.
  2. Click on Control Panel -> System and Security -> Administrative Tools -> Server Manager.
  3. Right-click on Roles -> Remove Roles.
  4. Uncheck the box next to Web Server (IIS) and click Next.
  5. Click Remove to uninstall IIS.

To uninstall IIS on Windows Server 2008:

  1. Click on Start -> Control Panel -> System and Security -> Administrative Tools -> Server Manager.
  2. Right-click on Roles -> Remove Roles.
  3. Uncheck the box next to Web Server (IIS) and click Next.
  4. Click Remove to uninstall IIS.

To uninstall IIS on Windows Server 2003:

  1. Click on Start -> Settings -> Control Panel -> Add/Remove Programs.
  2. Press the button Add/Remove Windows Components.
  3. Highlight Application Server and click the Details button.
  4. Uncheck the box next to Internet Information Services (IIS) and click OK.
  5. Click Next to uninstall IIS.

After moving Active Directory you can re-install IIS.

Procedure 2: Turn on the Advanced Option to copy the IIS security settings

To turn on the Advanced Option to copy the IIS security settings. Use the following procedure:

  1. Right-click on the U-Move dialog. A pop-up menu will appear.
  2. Click on Advanced.
  3. Check the box next to “Move the IIS metabase”.
  4. Press OK.

U-Move must copy the IIS security settings, otherwise IIS will not be able to start websites because the encryption keys for the websites will be missing or incorrect.

For more information

See Moving IIS Security Settings.