Solved

IIS 6 Static IP & SSL Problem

Posted on 2011-03-11
15
761 Views
Last Modified: 2012-05-11
Hi Experts,

Well this is a tough one and has confused me. Basically we have a server running windows server 2003 with 7 web sites. Out of the 7 sites, 3 of them are using SSL.

The first site (A) is using the default IP address where as the other two (B and C) are using unique IP addresses.

The server was running fine until one of them needed an SSL renewal. Once I attempted the renew the SSL, for some strange reason it was still displaying the old certificate. I then had to select an SSL by manually selecting an available SSL within properties on the website.

Once this change had been done, the website C had stopped working whereas the website A and B was working fine still.

I then revoked back the SSL for web site C but still no joy. I then created a blank web site (D) using the IP address that C has (I have stopped the website C working).

Just created a index.html saying Hello World. The web site will not load and will revert back to the default website page as it cannot find the new web site that I had created (web site D).

Web site D does not have no SSL or anything and still not working. Another strange thing is that whenever I try edit SSL for any site, it hands for approx 10 seconds which is not normal.

I have reboot the server and still no joy.

Any help will be appreciated.

Thanks

introlux
0
Comment
Question by:introlux
  • 8
  • 4
  • 3
15 Comments
 
LVL 7

Accepted Solution

by:
OctInv earned 100 total points
Comment Utility
I think this is to do with the host headers for the SSL part of the website. For some reason Microsoft in their wisdom allow you to configure host headers for the HTTP part of the website through IIS manager, but not the HTTPS part. You can however get around this by using Metabase Explorer, which allows you to set a host header for the SSL/HTTPS part of the website. This is only neccessary if you have limited IP addresses available, which I suspect is the issue here. By specifying different secure bindings you can have multiple HTTPS websites using the same internal IP address. Unfortunately when you renew an SSL certificate the secure binding (host header) gets wiped, and you have to add it again. Have a look here at Metabse explorer: http://support.microsoft.com/kb/840671#8
Once you donwload this you can open a website and edit the "secureBindings" string. Hope this makes sense.
0
 

Author Comment

by:introlux
Comment Utility
The problem I am having is that the Static IP address for web site C is no longer working regardless if the site is using SSL or not.

I have enough IP addresses to do run three web sites with SSL. For some strange reason one of the IP addresses is no longer working regardless if the site has SSL or not.

Any help with this?
0
 
LVL 7

Expert Comment

by:OctInv
Comment Utility
Does it not work from both internally and externally?
0
 

Author Comment

by:introlux
Comment Utility
Nope! You cannot even right click within IIS and select Browse to view the content!
0
 
LVL 7

Expert Comment

by:OctInv
Comment Utility
Ok, I'm signing off now, but will have another look tomorrow. I take it you have done the usual IIS reset etc.
0
 

Author Comment

by:introlux
Comment Utility
Yep done all of that!
0
 
LVL 1

Expert Comment

by:patkremer
Comment Utility
Go back and check your bindings on the Default web site. On the Web Site tab, click "Advanced"  next to the IP Address. Look at the SSL bindings on the bottom. Does it specify an IP or does it say "All Unassigned"?  I'm betting that it says "All Unassigned". Change that to a specific IP, do an iisreset, and try again.
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 

Author Comment

by:introlux
Comment Utility
I have gone into the advanced next to the IP address and there is nothing in the list for SSL. So therefore I cannot change anything.

And other suggestions?

Thanks for all the input fom everyone btw.
0
 
LVL 1

Expert Comment

by:patkremer
Comment Utility
If there's nothing in there for SSL, then your Default website isn't SSL-enabled.

Every SSL-enabled site on your box should have port 443 showing up in that section of the config, and bound to the proper IP address.

I'd go take a look at all of the sites on your box and ensure there isn't something wrong with the bindings - every SSL site should have the config on 443, and every non-SSL site should have nothing show up.
0
 

Author Comment

by:introlux
Comment Utility
I have checked all the sites and nothing out of the ordinary.

I just cant understand why the static IP address for web site C is no longer working once assigned. Like I explained prior, if you set the site as all unassigned it works! Set it to the IP address the site does not work. Remove IP address to unassigned then the site won't work again.

It's like as soon as u use that IP the site will never work again until you recreate the site again from scratch.

Any idea?
0
 
LVL 1

Expert Comment

by:patkremer
Comment Utility
Could something else be running on that IP? Try netstat -ab and see if any other process is grabbing 443 on that IP.
0
 
LVL 7

Expert Comment

by:OctInv
Comment Utility
Check the network adapter to make sure the IP address is still bound to it.
0
 

Author Comment

by:introlux
Comment Utility
I cant even see that static IP's in the list when doing netstat -ab

They are definetly bound.
0
 

Assisted Solution

by:introlux
introlux earned 0 total points
Comment Utility
Problem sorted!

It seemed to be a SSL permission access issue. For people who experience this problem please visit: https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=SO6568

Thanks for all the input along with the Metabase tool! Very handy to have if you run out of IP addresses to use.

Thanks once again for the input from everyone!

introlux
0
 

Author Closing Comment

by:introlux
Comment Utility
Metabase Explorer helped me sort out the problem on a short interim.

SSL Permission was the main problem which has now been fixed.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

What is an ISAPI filter?   •      It's an assembly (.dll file) that can add or change the way IIS works.   •      They can be enabled globally for your web server or on a site-by-site basis.   When the IIS server receives a request, enabling the ISAPI fi…
Debug Tools to analyse IIS process: This article focus on taking memory dumps from IIS to determine which code is taking more time and to analyse which calls hangs/causes more CPU usage. To take dumps,download the following. Install1: To st…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now