When the time comes to renew your migrated certificates, I suggest you read VeriSign's Known Browser and Application Issues Web page (http://www.verisign.com/support/vendors/issues.html). Another helpful resource for answering your questions about IIS 5.0 and certificates is Thawte Consulting's IIS 5.0 FAQ Web page (http://www.thawte.com/support/server/msiis5.html).
Migrating Web Applications
If your IIS 4.0 Web server delivers dynamic content, you need to migrate your Web applications' scripts, Internet Server API (ISAPI) filters, ISAPI extensions, and COM objects. Although these items might already have moved as part of your migration of Web content or the IIS metabase, you might need to move certain other programs (e.g., script engines that reside outside the basic Web tree) separately.
In any event, a successful migration doesn't necessarily mean that your application will behave as it did in an IIS 4.0 environment. I can't overstate the importance of testing your migrated applications. Stress testing is essential for determining how your application will perform in its new environment. In most situations, your applications will run faster and more reliably on IIS 5.0. However, application weaknesses or development errors that went unnoticed in IIS 4.0 can come to light in IIS 5.0's less forgiving environment.
You should also be aware of changes to IIS 5.0 that might affect your applications. For example, in IIS 5.0, ASP 3.0 doesn't permit the use of include files between <script> tags. Additionally, IIS 5.0 enforces NTFS permissions on include files; IIS 4.0 ignores permissions for these files. (Chalk up another advantage to migration upgrades: Application problems are much easier to troubleshoot when you separate the installations of a new OS and a new IIS version.)
In some circumstances, the differences between IIS 4.0's Microsoft Transaction Services (MTS) and IIS 5.0's COM+ can result in lackluster performance after you migrate to IIS 5.0. An application's performance might decline if the application uses the single-threaded apartment (STA) model to create the COM objects that perform complex calculations or database sorts. To remedy the problem, Microsoft released an upgrade that lets COM+ behave as if it were IIS 4.0's MTS. COM+ SP3 will include this upgrade, which is currently available by request if you need it before the service pack is available. (To request the upgrade, call Microsoft Product Support Services—PSS—and ask for Com+ Rollup 10.)
To keep Visual Basic (VB) components on their best behavior in a COM+ environment, enable Retained in Memory and Unattended Execution on your VB projects' Properties sheets before compilation. For additional tips about avoiding problems related to COM+, see Ken Spencer's MSDN Magazine article "Migrating from MTS to COM+" (July 2000) at http://msdn.microsoft.com/library/default.asp?url=/library/periodic/period00/serving0700.htm.
Prevent Potential Problems
After you successfully migrate your users, content, metabase, permissions, certificates, and custom applications, what problems could occur? If you use third-party software on your IIS server, you need to check with the vendor for upgrades and for information about how the application works with IIS 5.0. For example, you can't use IIS 5.0's HTTP compression features with Allaire's ColdFusion. Also, installing Crystal Decisions' popular Crystal Reports 8 can cause problems accessing both IIS 4.0 and IIS 5.0 databases. (For more information about this problem, see the Microsoft article "0x80004005 ASP Error Message Occurs When You Connect to a Database After Crystal Reports 8 Installation" at http://support.microsoft.com/support/kb/articles/q272/6/93.asp.)
My final tip is to back up the metabase after you finish your IIS migration. You can simply copy metabase.bin, or you can use MetaEdit, the Internet Information Services snap-in, or the metaback.vbs script (which you can find in the \inetpub\iissamples\sdk\admin directory) to make this backup. Unlike the Windows Me or Windows 9x registry, which creates a system.da0 registry backup when you first install the OS, IIS 5.0 makes no such backup of its metabase. If your metabase becomes damaged and you don't have a backup, you can do little to recover your hard work.
Have No Fear
Moving from IIS 4.0 on an NT server to IIS 5.0 on a Win2K server is a task thousands of administrators are facing. (For more information about this process, see "Microsoft Articles About IIS 5.0 and Domain Migration.") Although in-place upgrades are easy and generally reliable, migrating to a newly installed Win2K and IIS 5.0 configuration is the recommended route. With a little planning and research, you can make a smooth transition to a more secure, better-performing platform.