Sitecore Deployment Checklist

When you deploy  to the production, some points you should take in your consideration before you go live with your site, in this post i will list all of these points some of them related to .Net but mainly I will focus on Sitecore:

1) Make sure the App pool for your Site is always running: to do that go to the IIS App pool for your site -> advance settings -> change the start mode to be Always Running:


2)  Enable Custom Error Page (500): Error page should be static HTML page, if you have only one website, you can configure that directly in Web.config like any normal .net application, but if you have multi-sites, and you need different  error page for each site you should do that on the Applicaiton_Error event in Global.asax, here is the code of this implementation :

protected void Application_Error(object sender, EventArgs e)
 var customErrorsSection = (CustomErrorsSection)ConfigurationManager.GetSection("system.web/customErrors");
 if (customErrorsSection.Mode != CustomErrorsMode.Off)
 Exception ex = HttpContext.Current.Server.GetLastError();
 string host = Request.Url.Host;

 HttpContext.Current.Response.StatusCode = (int)HttpStatusCode.InternalServerError;
 HttpContext.Current.Response.ContentType = "text/html";
 HttpContext.Current.Response.TrySkipIisCustomErrors = true;
 string filePath = string.Format("/assets/error/{0}/500.html", host);
if (System.IO.File.Exists(filePath))
 Log.Error(string.Format("There was an error in {0} : {1}", host, ex), this);
Note: I am using the host name to define which error page that i should 
redirect to, usually i added them under 
assets/errors/{host}/500.html, and the host will be

3) Restrict access to Sitecore from Content Delivery Servers: there is two ways to do that, implement IP based restriction or disable anonymous access from IIS, checkout this link from Sitecore:

Usually I go with IIS approach, if you implemented that and when you try to open Sitecore from the live website, it will show you 401 unauthorized access, and I usually  redirect 401 to 404 page , to do that just go to your Site from IIS -> error pages  -> error pages -> 401 , double click and change the response action to be “Execute a URL on this site“, and i put 404 as relative URL, so any access to Sitecore from the live Site, it will take the user to 404 page instead of 401.


4) SQL Connection:  it is always better to use Windows authentication instead of SQL authentication whenever possible to avoid storing credentials in connection strings and avoid passing passwords over the network to your database server, if you want to go with SQL authentication at least encrypt connection string instead of having the credentials in plain text, to do that check out this link :

5) Do you have multiple content delivery servers ? if yes, it is important to define same machine key for your application to all content delivery servers even if you enabled Sticky Session, based on my understating the reason is :

ASP.Net has algorithm to encrypt / decrypt the Viewstate and forms authentication data, Machine key will be used as part of that encryption. So lets assume that we have two CDs servers, and we enabled the sticky session on the Load balance, the request comes to the load balance, and Load balance will redirect my request to one on content delivery servers (sticky session conflagrations can be done based on user session or IP), lets assume all requests now are routed to CD1 server, for some reson failure happen on CD1 so the request will go to the CD2 server, and CD2 has different machine key,  that means the view state is invalid. so if i am using the same machine key on both servers in this case my view state will be still valid.

Here is the recommendation from Sitecore for having one machinekey if you have two content delivery server or more (section 4.5):

Click to access scaling_guide_sc70_a4.pdf

you can generate that from IIS, go to you webstie -> machine key (double click), i usually use AES as encryption method and i un-check automatically generate at run-time, then i click generate keys, make sure that you don’t have IsolateApps in the key if you have just remove it, after that just apply the same key on all CDs  :


6) 301 Redirect: permanent redirect for old to new URLs, usually i am using IIS URL rewrite module to do that and adding my rules:

7) caching: make sure to cache your components as much as you can,  specially the heavy components like Main Navigation, output cache is out of the box in Sitecore you just need to define which components you need to cache:


check out this link to know the differences between vary by :

And don’t forget to add your sites to the HtmlCacheClearer  in Sitecore.config, so sitecore can clear the cache on publish end event

 <event name="publish:end">
 <handler type="Sitecore.Publishing.HtmlCacheClearer, Sitecore.Kernel" method="ClearCache">
 <sites hint="list">
 <handler type="Sitecore.Publishing.RenderingParametersCacheClearer, Sitecore.Kernel" method="ClearCache"/>
 <event name="publish:end:remote">
 <handler type="Sitecore.Publishing.HtmlCacheClearer, Sitecore.Kernel" method="ClearCache">
 <sites hint="list">
 <handler type="Sitecore.Publishing.RenderingParametersCacheClearer, Sitecore.Kernel" method="ClearCache"/>


8) SOLR:

  • If you are using solr for search and i recommend to check out this post, talking about SOLR Checklist with Sitecore, specially if you installed solr from bitnami.
  • Configure SOLR Replication, install solr master on dedicated server and configure the slaves on your CDs servers, for more details about advantages and how to configure that you can check my previous post in this link:

9) Sitemap: for one site you can write simple code and you can generate your Sitemap.xml on publish end event as a file, there is other different ways to generate your sitemap, if you have -Mutli sites and Multilingual i prefer to go with doing it at run-time, to achieve that check out this link.

10) Sitecore License: Usually we put the license file under data folder, in Sitecore 8.1 Update-1, i was checking the Sitecore logs and i found the following error:

ERROR Error in FileWatcher. Internal buffer overflow.
Exception: System.IO.InternalBufferOverflowException
Message: Too many changes at once in directory:

I sent support ticket for Sitecore and they asked me to move the Sitecore License file to sub folder, checkout this Link for more information about that.


In the end i hope that i covered all the points related to Sitecore Deployment checklist, and I hope you find this post helpful, If you have any additional knowledge on this subject, comments or questions, please let me know in the comments section below.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s