Within support, we sometimes see customers performing an IISReset command to restart their server or restart their websites or web-applications. In some of the cases we have worked with, we have also seen issues with IISRESET failing and indicating error messages such as "Restart attempt failed. Access Denied".
I'm not going to start a long discussion on the supportability of using IISRESET, but you may be aware of this statement:
[Event ID 3206 — IIS Reset Activity ]
Note: Restarting or stopping IIS, or rebooting your Web server, is a severe action. When you restart the Internet service, changes to the metabase can be lost. All sessions connected to your Web server are dropped, and any data held in Web applications is lost. All Internet sites are unavailable until Internet services are restarted. For these reasons, the use of IISReset is not recommended
[…]
The use of IISReset was recommended on previous versions of IIS, like IIS 6.0 and is not supported on IIS 7.0, IIS 7.5 or any of the versions that came after it.
When you ran IISRESET with no arguments on a Windows 2003 server, IISRESET would just call a method exposed in a COM object hosted in a process named IISRSTAS.EXE.
The main actions to "RESET IIS" are done in the IISRSTAS process and the code executed consists of the following actions:
- Stopping the IISADMIN service (if this feature is installed on IIS 7 or above)
- If the IISADMIN service fails to stop, then enumerate all processes running on the server and try to find and kill processes hosting the IISW3ADM.DLL binary
In most cases, only step 1) is executed and, on IIS7 and above, IISRESET is very similar to "NET STOP IISADMIN /Y". However, if the IISADMIN service can't be stopped in a timely fashion, the action taken is quite extreme: killing all processes hosting IISW3ADM.DLL! In my customer's scenario, the request to stop the IISADMIN service was failing with an error 0x80070425 (The service cannot accept control messages at this time) and therefore, IISRSTAS.EXE starts to enumerate all processes trying to find processes hosting IISW3ADM. In order to find the processes hosting IISW3ADM.DLL, IISRSTAS.EXE had to call OpenProcess() to enumerate DLLs loaded in each process and the OpenProcess() call was failing on one specific process (RPCSS).
In the end, the solution was simply to use IISRESET /NOFORCE. In this case, IISRESET only executes step 1) and does not throw an error.
If you still want to restart IIS, you may use IISRESET /NOFORCE.
If you use IIS7+ versions, you may use this command (on IIS7+, IISADMIN is just there for IIS6 compatibility):
NET STOP WAS /Y && NET START W3SVC
If you want to stop IIS and the HTTP transport (HTTP.SYS), you can use this command:
NET STOP HTTP /Y && NET START W3SVC
Note that the above command is quite handy in case you are changing SSL configuration and you want your change to be effective without rebooting the server (for example, if you add a root CA to the computer account certificate store or change some SSL setting like SendTrustedIssuerList)
We hope this blog clarifies the reason why you shouldn't use IISRESET without the /NOFORCE option!
originally written by: Emmanuel Boersma
reviewed by: Paul Cociuba
