IIS 6 Static IP & SSL Problem

Hi Experts,

Well this is a tough one and has confused me. Basically we have a server running windows server 2003 with 7 web sites. Out of the 7 sites, 3 of them are using SSL.

The first site (A) is using the default IP address where as the other two (B and C) are using unique IP addresses.

The server was running fine until one of them needed an SSL renewal. Once I attempted the renew the SSL, for some strange reason it was still displaying the old certificate. I then had to select an SSL by manually selecting an available SSL within properties on the website.

Once this change had been done, the website C had stopped working whereas the website A and B was working fine still.

I then revoked back the SSL for web site C but still no joy. I then created a blank web site (D) using the IP address that C has (I have stopped the website C working).

Just created a index.html saying Hello World. The web site will not load and will revert back to the default website page as it cannot find the new web site that I had created (web site D).

Web site D does not have no SSL or anything and still not working. Another strange thing is that whenever I try edit SSL for any site, it hands for approx 10 seconds which is not normal.

I have reboot the server and still no joy.

Any help will be appreciated.

Thanks

introlux
introluxAsked:
Who is Participating?
 
OctInvConnect With a Mentor Commented:
I think this is to do with the host headers for the SSL part of the website. For some reason Microsoft in their wisdom allow you to configure host headers for the HTTP part of the website through IIS manager, but not the HTTPS part. You can however get around this by using Metabase Explorer, which allows you to set a host header for the SSL/HTTPS part of the website. This is only neccessary if you have limited IP addresses available, which I suspect is the issue here. By specifying different secure bindings you can have multiple HTTPS websites using the same internal IP address. Unfortunately when you renew an SSL certificate the secure binding (host header) gets wiped, and you have to add it again. Have a look here at Metabse explorer: http://support.microsoft.com/kb/840671#8
Once you donwload this you can open a website and edit the "secureBindings" string. Hope this makes sense.
0
 
introluxAuthor Commented:
The problem I am having is that the Static IP address for web site C is no longer working regardless if the site is using SSL or not.

I have enough IP addresses to do run three web sites with SSL. For some strange reason one of the IP addresses is no longer working regardless if the site has SSL or not.

Any help with this?
0
 
OctInvCommented:
Does it not work from both internally and externally?
0
SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

 
introluxAuthor Commented:
Nope! You cannot even right click within IIS and select Browse to view the content!
0
 
OctInvCommented:
Ok, I'm signing off now, but will have another look tomorrow. I take it you have done the usual IIS reset etc.
0
 
introluxAuthor Commented:
Yep done all of that!
0
 
patkremerCommented:
Go back and check your bindings on the Default web site. On the Web Site tab, click "Advanced"  next to the IP Address. Look at the SSL bindings on the bottom. Does it specify an IP or does it say "All Unassigned"?  I'm betting that it says "All Unassigned". Change that to a specific IP, do an iisreset, and try again.
0
 
introluxAuthor Commented:
I have gone into the advanced next to the IP address and there is nothing in the list for SSL. So therefore I cannot change anything.

And other suggestions?

Thanks for all the input fom everyone btw.
0
 
patkremerCommented:
If there's nothing in there for SSL, then your Default website isn't SSL-enabled.

Every SSL-enabled site on your box should have port 443 showing up in that section of the config, and bound to the proper IP address.

I'd go take a look at all of the sites on your box and ensure there isn't something wrong with the bindings - every SSL site should have the config on 443, and every non-SSL site should have nothing show up.
0
 
introluxAuthor Commented:
I have checked all the sites and nothing out of the ordinary.

I just cant understand why the static IP address for web site C is no longer working once assigned. Like I explained prior, if you set the site as all unassigned it works! Set it to the IP address the site does not work. Remove IP address to unassigned then the site won't work again.

It's like as soon as u use that IP the site will never work again until you recreate the site again from scratch.

Any idea?
0
 
patkremerCommented:
Could something else be running on that IP? Try netstat -ab and see if any other process is grabbing 443 on that IP.
0
 
OctInvCommented:
Check the network adapter to make sure the IP address is still bound to it.
0
 
introluxAuthor Commented:
I cant even see that static IP's in the list when doing netstat -ab

They are definetly bound.
0
 
introluxConnect With a Mentor Author Commented:
Problem sorted!

It seemed to be a SSL permission access issue. For people who experience this problem please visit: https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=SO6568

Thanks for all the input along with the Metabase tool! Very handy to have if you run out of IP addresses to use.

Thanks once again for the input from everyone!

introlux
0
 
introluxAuthor Commented:
Metabase Explorer helped me sort out the problem on a short interim.

SSL Permission was the main problem which has now been fixed.
0
All Courses

From novice to tech pro — start learning today.