Re: Unable to load SSL filter in IIS5.0 (sspifilt.dll)

From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 12/13/04


Date: Mon, 13 Dec 2004 11:33:09 -0800

Your SSL inside the Firewall observation does not sound like it has
anything to do with IIS. Inability to access port 443 when your
network traffic traverses a firewall that blocks the port is by-design
behavior.

Actually, SSL is very straightforward on IIS. Just install a server
certificate on the website and have it be bound to a unique IP:Port (no Host
headers for SSL -- spec does not allow it) and enable SSL on any vdir of the
website. If any MS documentation tells you to change configuration
sspifilt.dll, please let me know what URL it is, and I'll try to get it
corrected.

Thus, everything you've described is expected and by-design... even if you
do not understand it. You are basically doing unnecessary stuff that is
incorrect, so I'm not quite certain how the IIS UI can magically make you
understand what you do not know...

My recommendation would be to remove sspifilt.dll as a site filter, and this
issue should be resolved. IIS would never come with sspifilt.dll configured
as a site filter, so this problem looks to be self-inflicted.
- This step removes the event log message (which is absolutely correct --
site filter cannot register for SF_NOTIFY_READ_RAW_DATA)
- There is nothing contradictory with the ISAPI Filters tabs that you saw
for global and site filters. The displayed status is correct. You just have
to understand ISAPI Filters to be able to interpret it.

-- 
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Theo Kanter" <theo@verkstad.net> wrote in message
news:zHxud.10778$d5.95390@newsb.telia.net...

The below is my input to the MS KB or other IIS 5.0 support forums:

The ISAPI tab via the web server properties in the IIS manager reports
sspifilt.dll as *not* loaded (see further error message details in other
responses to David's response in this thread).

Despite this I found that I am able to browse the web site with https
(SSL) on the *inside* of the firewall. Turns out that the firewall blocks
port 443 to my server, which got me looking for a potential problem in
the first place.

As mentioned, the ISAPI tab in the Web Site Properties (IIS Manager)
reported a problem loading sspifilt.exe. Then the event manager reported
an error that sspifilt.exe requires the SF_NOTIFY_READ_RAW_DATA filter
notification requiring the filter to be loaded as a *global* filter.

Thus, I started looking around what is meant by "global". When
inspecting the ISAPI tab of the "WWW Service Master Properties for
<host>", there are a number of filters properly loaded among which
sspifilt.dll (this time with a green arrow!), which explains why SSL
works (albeit inside the firewall).

The contradictory reports about the status of sspifilt.exe and where to
load sspifilt.exe via different property panels in the IIS 5.0 manager
is very confusing and I found no reference to this elsewhere or in the
MS KB. Instead I found many references of people who struggled with the
same problem.

--theo

Theo Kanter wrote:
> My Win2K professional (SP4) machine runs an IIS5.0 web server with
> Frontpage2K extensions. Everything works OK except that I can't get SSL
> to work. I installed a certificate following the MS guidelines. BUT:
>
> The ISAPI tab via the web server properties in the IIS manager shows a
> big fat red arrow pointing down. The priority is *Unknown*. The SSL
> filter (sspifilt.dll) is located in C:\WINNT\system32\inetsrv\
>
> Attempts to browse the same web pages via https fail (obviously). I
> tried nearly everything. What is preventing sspifilt.dll to load itself?
>
> Thanks in advance,
> Theo
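
Added example, not part of the original thread: a Python check for the misconfiguration discussed above, reporting sspifilt.dll registered as a site filter and confirming it is present as a global filter. The snapshot dict layout, the sample entries and the function name `audit_filters` are assumptions constructed for illustration; real data would come from enumerating the IIS metabase.

```python
import ntpath
import re

# Constructed snapshot: metabase key path -> properties of that filter key.
# Global filters sit under /LM/W3SVC/Filters, site filters under
# /LM/W3SVC/<site id>/Filters. The dict layout itself is an assumption.
SAMPLE_METABASE = {
    "/LM/W3SVC/Filters/sspifilt": {
        "FilterPath": r"C:\WINNT\system32\inetsrv\sspifilt.dll"},
    "/LM/W3SVC/Filters/Compression": {
        "FilterPath": r"C:\WINNT\system32\inetsrv\compfilt.dll"},
    "/LM/W3SVC/1/Filters/sspifilt": {          # the self-inflicted entry
        "FilterPath": r"C:\WINNT\system32\inetsrv\sspifilt.dll"},
    "/LM/W3SVC/1/Filters/example": {           # constructed, harmless
        "FilterPath": r"C:\filters\example.dll"},
}

SITE_KEY = re.compile(r"^/LM/W3SVC/(\d+)/Filters/[^/]+$", re.I)
GLOBAL_KEY = re.compile(r"^/LM/W3SVC/Filters/[^/]+$", re.I)


def audit_filters(metabase, raw_data_dlls=("sspifilt.dll",)):
    """Report raw-data filters registered at site scope.

    raw_data_dlls lists filters that need SF_NOTIFY_READ_RAW_DATA and
    therefore only load as global filters (sspifilt.dll per the thread).
    """
    wanted = {name.lower() for name in raw_data_dlls}
    misplaced, seen_global = [], set()
    for path, props in sorted(metabase.items()):
        dll = ntpath.basename(props.get("FilterPath", "")).lower()
        if dll not in wanted:
            continue
        site = SITE_KEY.match(path)
        if site:
            # Site-scope registration: fails to load and logs the event.
            misplaced.append((int(site.group(1)), dll))
        elif GLOBAL_KEY.match(path):
            seen_global.add(dll)
    return {
        "misplaced": misplaced,                      # remove these
        "global_ok": sorted(seen_global),            # loaded where expected
        "missing_global": sorted(wanted - seen_global),
    }


if __name__ == "__main__":
    print(audit_filters(SAMPLE_METABASE))
```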

