Welcome to WebmasterWorld Guest from 54.87.18.165

Forum Moderators: ocean10000

Message Too Old, No Replies

Has anybody upgraded to the 2008 IIS 7

I am wondering as it looks like I will need to make the jump

     
7:36 pm on Aug 28, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member bwnbwn is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Oct 25, 2005
posts:3589
votes: 45


Doing a PCI compliance and I found out II6 windows 2003 has a flaw and when searching for a possible fix I find the fix is "You are strongly recommended to upgade to winddows 2008 II7"on microsofts page.
The cost to upgrade is 999.00 just wondering if anyone has any input on the upgrade.
8:48 pm on Aug 28, 2009 (gmt 0)

Administrator

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month

joined:Jan 14, 2004
posts:864
votes: 3


I normally upgrade the entire server at once. And retire the old hardware once the new servers are in place. I haven't done an actual upgrade of windows server since NT 4 to Windows 2000.

I am curious about this PCI Compliance issue though? Are you able to talk more about this. I think others may find themselves in the same situation. And this thread might help them out.

As for IIS 6 to IIS 7, Microsoft completely revamped IIS 7 so depending on the application, you might have to do some recoding / configuration changes to make sure everything works as expected.

2:14 am on Aug 31, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member bwnbwn is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Oct 25, 2005
posts:3589
votes: 45


Ocean here is what I am finding out. I am PCI compliant Long story. I did a free PCI scan by Hacker Guardian and am getting this issue.

Consult the application's documentation to disable SSL 2.0 and use SSL 3.0 or TLS 1.0 instead.

Doing some research on this I find this is what is recommended.

[support.microsoft.com...]

Open to your help as to what you might suggest.

1:46 pm on Aug 31, 2009 (gmt 0)

Administrator

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month

joined:Jan 14, 2004
posts:864
votes: 3


To be honost the ability to disable SSL 2.0 small registy change, which is noted in the KB article. I think the note pushing IIS7/windows server 2008 is more of a marketing push then anything else.

Owen.

1:52 pm on Sept 1, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member bwnbwn is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Oct 25, 2005
posts:3589
votes: 45


Thanks Owen my bad I didn't scroll down. =Du