Solved

IIS 6 Static IP & SSL Problem

Posted on 2011-03-11
15
772 Views
Last Modified: 2012-05-11
Hi Experts,

Well this is a tough one and has confused me. Basically we have a server running windows server 2003 with 7 web sites. Out of the 7 sites, 3 of them are using SSL.

The first site (A) is using the default IP address where as the other two (B and C) are using unique IP addresses.

The server was running fine until one of them needed an SSL renewal. Once I attempted the renew the SSL, for some strange reason it was still displaying the old certificate. I then had to select an SSL by manually selecting an available SSL within properties on the website.

Once this change had been done, the website C had stopped working whereas the website A and B was working fine still.

I then revoked back the SSL for web site C but still no joy. I then created a blank web site (D) using the IP address that C has (I have stopped the website C working).

Just created a index.html saying Hello World. The web site will not load and will revert back to the default website page as it cannot find the new web site that I had created (web site D).

Web site D does not have no SSL or anything and still not working. Another strange thing is that whenever I try edit SSL for any site, it hands for approx 10 seconds which is not normal.

I have reboot the server and still no joy.

Any help will be appreciated.

Thanks

introlux
0
Comment
Question by:introlux
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 4
  • 3
15 Comments
 
LVL 7

Accepted Solution

by:
OctInv earned 100 total points
ID: 35113699
I think this is to do with the host headers for the SSL part of the website. For some reason Microsoft in their wisdom allow you to configure host headers for the HTTP part of the website through IIS manager, but not the HTTPS part. You can however get around this by using Metabase Explorer, which allows you to set a host header for the SSL/HTTPS part of the website. This is only neccessary if you have limited IP addresses available, which I suspect is the issue here. By specifying different secure bindings you can have multiple HTTPS websites using the same internal IP address. Unfortunately when you renew an SSL certificate the secure binding (host header) gets wiped, and you have to add it again. Have a look here at Metabse explorer: http://support.microsoft.com/kb/840671#8
Once you donwload this you can open a website and edit the "secureBindings" string. Hope this makes sense.
0
 

Author Comment

by:introlux
ID: 35113837
The problem I am having is that the Static IP address for web site C is no longer working regardless if the site is using SSL or not.

I have enough IP addresses to do run three web sites with SSL. For some strange reason one of the IP addresses is no longer working regardless if the site has SSL or not.

Any help with this?
0
 
LVL 7

Expert Comment

by:OctInv
ID: 35113848
Does it not work from both internally and externally?
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:introlux
ID: 35113888
Nope! You cannot even right click within IIS and select Browse to view the content!
0
 
LVL 7

Expert Comment

by:OctInv
ID: 35113901
Ok, I'm signing off now, but will have another look tomorrow. I take it you have done the usual IIS reset etc.
0
 

Author Comment

by:introlux
ID: 35113955
Yep done all of that!
0
 
LVL 1

Expert Comment

by:patkremer
ID: 35115987
Go back and check your bindings on the Default web site. On the Web Site tab, click "Advanced"  next to the IP Address. Look at the SSL bindings on the bottom. Does it specify an IP or does it say "All Unassigned"?  I'm betting that it says "All Unassigned". Change that to a specific IP, do an iisreset, and try again.
0
 

Author Comment

by:introlux
ID: 35117881
I have gone into the advanced next to the IP address and there is nothing in the list for SSL. So therefore I cannot change anything.

And other suggestions?

Thanks for all the input fom everyone btw.
0
 
LVL 1

Expert Comment

by:patkremer
ID: 35117902
If there's nothing in there for SSL, then your Default website isn't SSL-enabled.

Every SSL-enabled site on your box should have port 443 showing up in that section of the config, and bound to the proper IP address.

I'd go take a look at all of the sites on your box and ensure there isn't something wrong with the bindings - every SSL site should have the config on 443, and every non-SSL site should have nothing show up.
0
 

Author Comment

by:introlux
ID: 35118397
I have checked all the sites and nothing out of the ordinary.

I just cant understand why the static IP address for web site C is no longer working once assigned. Like I explained prior, if you set the site as all unassigned it works! Set it to the IP address the site does not work. Remove IP address to unassigned then the site won't work again.

It's like as soon as u use that IP the site will never work again until you recreate the site again from scratch.

Any idea?
0
 
LVL 1

Expert Comment

by:patkremer
ID: 35118566
Could something else be running on that IP? Try netstat -ab and see if any other process is grabbing 443 on that IP.
0
 
LVL 7

Expert Comment

by:OctInv
ID: 35120279
Check the network adapter to make sure the IP address is still bound to it.
0
 

Author Comment

by:introlux
ID: 35121894
I cant even see that static IP's in the list when doing netstat -ab

They are definetly bound.
0
 

Assisted Solution

by:introlux
introlux earned 0 total points
ID: 35127603
Problem sorted!

It seemed to be a SSL permission access issue. For people who experience this problem please visit: https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=SO6568

Thanks for all the input along with the Metabase tool! Very handy to have if you run out of IP addresses to use.

Thanks once again for the input from everyone!

introlux
0
 

Author Closing Comment

by:introlux
ID: 35170686
Metabase Explorer helped me sort out the problem on a short interim.

SSL Permission was the main problem which has now been fixed.
0

Featured Post

Transaction Monitoring Vs. Real User Monitoring

Synthetic Transaction Monitoring Vs. Real User Monitoring: When To Use Each Approach? In this article, we will discuss two major monitoring approaches: Synthetic Transaction and Real User Monitoring.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
Preparing an email is something we should all take special care with – especially when the email is for somebody you may not know very well. The pressures of everyday working life stacked with a hectic office environment can make this a real challen…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question