Major
Topics to consider when troubleshooting IIS & SSL
I
- Web site configuration
A:
How to: Change the IP address for the WWW service
http://support.microsoft.com/support/ServiceWare/Iis/iis40/E9YRXOEQ0.ASP
When
a server certificate is applied to an IIS version 4.0 Web server, the server
certificate must be bound to the IP address and port number. If there are
multiple certificates loaded but not bound, the server may not use the
certificate correctly. SSL connections may fail if the settings in Key Manager
are incorrect. By default, Key Manager sets up IIS to use the certificate on
all unassigned IP addresses and all unassigned ports. Unassigned means IP
addresses or Port combinations are not currently bound to a certificate. If you
bind a certificate to a specific IP address or Port and then change the IP or
Port combination of the Web server, you must also change the setting in Key
Manager.
Example:
If you have a Web server, www.myserver.com, on IP address 10.56.65.200 and port
443 (for SSL traffic), the server certificate must also be bound to
10.56.65.200:443. However, if you change the server address to
10.56.65.201:443, you must also change the setting to 10.56.65.201:443 in Key
Manager. If you do not, IIS does not service requests for the new IP address
and Port because it is still bound to 10.56.65.200:443.
B:
IP Address is Mis-configured:
http://support.microsoft.com/support/kb/articles/Q184/0/31.ASP?LNG=ENG&SA=A
LLKB&FR=0)
When
you access an Internet site through a Proxy Server that is installed on a
Microsoft IIS 4.0 computer, you may receive the following error(s):
Internet
Explorer cannot open the Internet Site
A
connection with the server could not be established
001
Host not found
Unable
to form connection to the server.
The
path c:\path_name\w3proxy.dll failed to load..
Error
14
RESOLUTION
Open
the Default Web Site Properties and change the IP Address field to All
Unassigned.
AND/OR
Edit
the Default Web Site properties.
Click
the Advanced button on the Web Site tab. Click the Add button in the
"Multiple identities for this Web Site" section and remove the Host
Header Name entry. If necessary, create a new site that will host the content
that you wish to publish on the Internet or intranet. Assign an external or
internal IP address to this new Web site. Remember to stop and restart the
browser after making this change. Make sure that the settings to Enable Dialing
for the Winsock and Web Proxy's also check the Credentials. Verify that these
are correct and line up with the DUN.
How
to: Change the TCP port for the WWW service
http://support.microsoft.com/support/ServiceWare/Iis/iis40/E9YRZAZ9F.ASP
How
to: Configure ISAPI filters
http://support.microsoft.com/support/ServiceWare/Iis/iis40/E9YV4XADV.ASP
ERRORS
by NUMBERS:
Error
402 - 403 =
http://support.microsoft.com/support/kb/articles/Q228/5/21.ASP?LNG=ENG&SA=AL
Error
403.6 =
http://support.microsoft.com/support/kb/articles/Q191/1/41.ASP?LNG=ENG&SA=AL
Error
403.7 = http://support.microsoft.com/support/kb/articles/Q190/0/04.ASP?LNG=ENG&SA=AL
Error
403, 403.4 & 403.5
http://support.microsoft.com/support/kb/articles/Q224/3/89.ASP?LNG=ENG&SA=AL
GENERAL
ERROR MESSAGES:
When
you attempt to open http://www.localhost.com or the product documentation using
Internet Explorer on a computer running Internet Information Server 4.0, one of
the following error messages occurs:
Internet
Explorer cannot open the Internet site http://localhost/. A connection with the
server could not be established
OR
Internet
Explorer cannot open the Internet site
http://localhost/iisHelp/iis/misc/default.asp.
A
connection with the server could not be established
CAUSE:
The default Web site has been assigned to use a particular IP address.
Change
the default Web site to use "All Unassigned" IP addresses. To do
this, perform the following steps:
Start
the Internet Service Manager (ISM), which loads the Internet Information Server
snap-in for the Microsoft Management Console MMC.
Right-click
the default Web site folder, and then click Properties.
On
the Web Site tab, click the IP Address drop-down list box, and then click (All
Unassigned).
Click
OK.
Browser
Hangs:
·
Web Site found.... waiting for reply.
·
Unable to connect to server.
·
A message stating that a connection with the server could not be established.
·
The browser stops responding when you attempt to connect to the site.
(NOTE:
However, the World Wide Web Publishing Service appears to be running correctly;
it can be stopped and started, and there are no related errors in the Event Log
Solutions:
·
Verify that the Schannel.dll file is current.
·
Verify that the ISAPI filter Sspifilt.dll is installed.
·
Remove and reinstall the certificate key.
MISCELLANEOUS
"Host
Headers" and IIS
http://support.microsoft.com/support/ServiceWare/Iis/iis40/E9ZUU8CY8.ASP
HTTP
1.1 host headers not supported with SSL
http://support.microsoft.com/support/ServiceWare/Iis/iis40/E9ZVXI2XE.ASP
Using
Host Headers to Host Multiple Sites on ONE IP address
http://support.microsoft.com/support/kb/articles/Q190/0/08.ASP?LNG=EN-US&SA=
Event
ID 115 using Host Headers
http://support.microsoft.com/support/ServiceWare/Iis/iis40/E9ZUVQZ01.ASP
Change
Default Port for SSL
http://support.microsoft.com/support/ServiceWare/Iis/iis40/E9ZAT9FNU.ASP
Disable
PCT 1.0, SSL 2.0 or SSL 3.0 on IIS
http://support.microsoft.com/support/ServiceWare/Iis/iis40/E9ZVY4ULY.ASP
"Require"
128 bit encryption for SSL Communications
http://support.microsoft.com/support/ServiceWare/Iis/iis40/E9ZDRVQPO.ASP
Require
SSL for connection to web site:
http://support.microsoft.com/support/ServiceWare/Iis/iis40/E9ZDRU7SU.ASP
Back
up Certificate & Import certificate
http://support.microsoft.com/support/ServiceWare/Iis/iis40/E9ZEUGEGA.ASP
http://support.microsoft.com/support/ServiceWare/Iis/iis40/E9ZEV9JC1.ASP
Client
Certificate Issues:
Browser
does not display client certificates:
http://support.microsoft.com/support/ServiceWare/Iis/iis40/E9ZUJLH83.ASP
Require
basic authentication to connect to Web site:
http://support.microsoft.com/support/ServiceWare/Iis/iis40/E9YWA8FZQ.ASP
Use
client certificates for accessing Web resources. (And how to turn it off)
http://support.microsoft.com/support/ServiceWare/Iis/iis40/E9ZET5NOM.ASP