Server is running Windows Server 2012 R2 as a Remote Desktop Server and has IIS 8.5 installed.
I'm trying to run MSBA 2.3 (Microsoft Baseline Security Avisor) to check for any missing security patches and other dodgy setups and it fails the IIS checks with:
Unable to scan IIS Status – The IIS Common Files are not installed on the local computer. Refer to the system requirements list under Microsoft Baseline Security Analyzer Help.
Ok, the following seems to indicate the basic server is all there, what else is common but uncommon enough to not show in the list below?
Best Answer
In order for the MBSA (Microsoft Baseline Security Adviser) to do its scan job on Microsoft IIS, it needs to have IIS 6 Management Compatibility turned on, specifically, IIS 6 Metabase Compatibility.
Lot of digging to find this one, it's a well hidden secret as the references to IIS Common Files in the warning
is a Windows Server 2003 item that hasn't been updated in MBSA to reflect current server platforms.