KBA-01651: Preparing an IIS Server


Is there an easy way to prepare an IIS server for sfPMS?


We require Windows 2012 R2 or later.  We strongly recommend Windows 2016 or Windows 2019.

“Hardware” Resources

In this day of virtualization, resources allocated to the IIS node are flexible.  Here are our requirements:

Minimum  Recommended 
(at 2.5 Ghz or better)
2 4
GB of RAM 12GB 12-16
(can be dynamic)
Boot Drive – GB 60 80

Recommendations are for an IIS node that services 20-30 concurrent users.  As the number of users grows beyond 50, additional resources will certainly be required.  You might start with a  split of the ATC and ICTool components into a separate IIS node.  Farm deployments are recommended for more than 60 users and certainly increase reliability and resilience.

Using PowerShell

  1. Download the Role Deployment XML from the NewInstall resources folder, save the file in c:\spitfire\IIS-RoleDeployment.xml
  2. Open PowerShell as an Administrator
  3. Type (or paste) the following command to run the Install-WindowsFeature
    Install-WindowsFeature -ConfigurationFilePath c:\spitfire\IIS-RoleDeployment.xml
  4. Repeat for IIS-RoleDeployment-WebSockets.xml or manually using the Add Roles and Features tool.
  5. Open ports for the ATC service
    netsh advfirewall firewall add rule name = SFATC dir = in protocol = tcp action = allow localport = 14491-14492 remoteip = localsubnet profile = DOMAIN

Add Server Role: WebSocket Protocol

Manual Check List

  1. Install Chrome
  2. Download the Role Deployment and ICTool Setup from the NewInstall resources folder
  3. Follow the Using Powershell steps above to apply the roles
  4. Run the ICTool Setup – you need Site and User Keys
  5. Run INETMGR and
    1. Create one or more application pools for the sfPMS application(s).  Typically, don’t mix production and test sites in one pool.  Name the pools something like SpitfireProductionPool and SpitfireTestPool.  See below for recommended advanced settings.
    2. (optionally) add a website (Spitfire) mapped to c:\program files (x86)\Spitfire\websiteroot
    3. (optional) SSL certificate?
    4. Add (one or more) web applications mapped to c:\program files (x86)\Spitfire\webapproot\vr-xxxx and bind to hostname and (optionally) a local port
  6. If migrating from an older server
    1. Copy site configuration data from c:\program files (x86)\Spitfire\cfgFiles and c:\program files (x86)\Spitfire\InstallBase\data\SERVERNAME 
      1. SiteConfig.XML
      2. Site signing key
      3. License (likely needs to be replaced if not a farm)
      4. Optional: Logo image (may be in web application root\images)
    2. Use NotePad++ to edit the configuration XML
      1. Replace the old SQL server name with the new SQL name
      2. Replace the old IIS server name with the new server name
      3. If the IIS Site number has changed, find IISSiteName and update it
  7. Open ICTool (use File | Open to open the configuration file copied from a prior server)
    1. On the Servers tab, update the ATC server name
    2. For new installs, see the installation guide – setup SQL data, etc)
    3. On the sfPMS Members tab,
      1. update the server name and verify the VSPD path folders exist
      2. click in the web application column and lookup the IIS Web Application.
      3. consider if the hostname is changing
    4. On the ATC tab,
      1. verify the local HTTP path and local IP addresses
      2. install ATC
      3. install the service
      4. Create a firewall exemption for 14491 and 14492
        netsh advfirewall firewall add rule name = SFATC dir = in protocol = tcp action = allow localport = 14491-14492 remoteip = localsubnet profile = DOMAIN
      5. IMPORTANT: if you are preparing the new server and the old server is running, disable ATC on the new server for now!
  8. Obtain a license for the new server and place it into the InstallBase\data\SERVERNAME folder
  9. In Windows SERVICES.MSC
    1. set the ASPNET_STATE service to auto-start (and start the service)
    2. set the Spitfire ATC service to DELAYED start, with auto-recovery.
      1. Use “Local System Account” on the “Login As” tab.  If you use AD credentials, use a domain-limited account, but also add the account to the local administrators group on this IIS server.  If you use an AD user without local admin, the service will not automatically restart overnight, nor can it apply updates for the web application.
  10. Make sure the IIS and SQL server have the same time zone and the same time source.  See KBA-01559
  11.  Publish the site
  12. Open the site

IIS Application Pool Advanced Settings

  • Enable 32-bit applications: With Windows Server 2012  and later, we recommend false (which is the default).
  • Idle Time-out Minutes: We recommend a value between 30 and 50 (default is 20).
  • Shutdown Time Limit: We recommend a value between 99 and your PDS RAM cache time (often 123).
  • Specific Times: We recommend something between 1 and 3 AM. You should specify at least one time during off-hours; otherwise your application pool will recycle daily at whatever time IIS decides. The UI seems to support seconds, but you must use 00 for seconds (minutes are okay).
  • Virtual Memory Limit: Should be zero



KBA-01651; Last updated: October 26, 2023 at 20:40 pm  Setup IIS