IIS 7 on Windows server 2008 - problem with https forwarding to http

Posted on 2011-10-07
Last Modified: 2012-05-12
On a new IIS7 setup on windows server 2008, we moved over a web application (it happens to be cold fusion, but I think that is unrelated) from an older server.  We didn't have ssl setup initially on the new server, and everything was working fine with the app.

Now, we have a new ssl cert just installed.  I can pull up the plain default IIS homepage over https and it appears fine.  However whenever I try to go to the login page for my app, for some reason instead of staying on https, it bounces to http and removes the filename that I'd just typed in from the url path.  We do have require ssl marked in the IIS settings.  If I uncheck this, I can still go to the http version of the app login page, and it still works just fine.  But when I try the same path, but under https, it keeps removing the https part and the trailing filename.  When this happens, the only error I get back is a 403.14, which is access denied, since directory browsing is not allowed.  This makes sense because directory browsing is turned off (we don't want to alow it), and since it removed my specific filename from the url, it thinks it's trying to browse the directory instead.

To be clearer:

I type in:

and immediately, the url auto-changes to:
with this error:
403 - Forbidden: Access is denied.
You do not have permission to view this directory or page using the credentials that you supplied.

and if I turn off the ssl requirement, I can type in:
http://servername/path/to/my/app/Login.cfm (NOTE:  http and not https)
and the login page comes up just fine.

Any ideas on this?
Question by:sah18
    LVL 14

    Expert Comment

    Did you modify the site's port binding to 443?
    LVL 9

    Author Comment

    I didn't install the ssl cert, but I can check.

    If I go to:
    IIS Manager
    Right-Click on  Default Web Site --> Edit Bindings
    this is what I see: Default Web Site - Bindings
    Does this look correct to you?
    LVL 14

    Expert Comment

    ok, and this is for THAT site, not the default IIS site?
    LVL 9

    Author Comment

    The only site I have defined is the default IIS site.
    LVL 14

    Accepted Solution

    Try removing the http binding and leave only https

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    Lync server 2013 Backup Service Error ID 4049 – After File Share Migration
    New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
    This tutorial will show how to inventory, catalog, and restore media from legacy versions of Backup Exec into both 2012 and 2014 versions of the software. Select Storage from the tabs along the ribbon bar as the top: Ensure the proper storage devi…
    This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now