Re: Win2003 Upgrade Broke SSL?

From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 03/02/05


Date: Wed, 2 Mar 2005 08:22:22 -0800

Sorry, I meant to say that:
netstat -ano

Regarding Windows Update, you want to make sure that your machine's Regional
settings are correct. You may have the right time numerically but for the
wrong time-zone, which will cause your overall "universal" time to be
incorrect. That is, suppose it is currently 4pm Eastern US timezone and my
computer is in the Eastern US timezone, set to 4pm but for the Western US
timezone. The time numerically is correct, but the timezone is incorrect and
causes my overall "universal" time to be "1pm", which is incorrect.

The reason I say that the upgrade did not break SSL is because IIS has no
dependency on having a website with SSL enabled. The fact that you had
problems relating to port 443 being occupied suggests that you did something
that both forced IIS to start a website with SSL on port 443 *and* some
other program has already claimed port 443. Neither of those things has
anything to do with IIS or the general upgrading process of the OS, so I
believe they are external.

Usually, when IIS does not start, the NT event log would have entries
regarding the reason(s). That is standard operations.

-- 
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"JohnF" <JohnF@discussions.microsoft.com> wrote in message
news:13C5284B-C2F6-42FC-9E9C-548547EB84A7@microsoft.com...
Thanks for your help...
netstat -o is not showing anything on 443, which is a little strange. I've
done a screen dump and there is no reference to 443 at all as I scroll
through the dump.
I've just noticed windows update won't work either (unrelated but I wonder
if it has something to do with it...). Windows update is telling me that my
clock is not the correct time, which it is. It won't let me update the
hotfixes.
Could this be at all related?
I am a little confused at the reply that Upgrading to Win2003 did not break
it. I had upgraded a Win2k server running Exch2000 to Exchange 2003 as per
the MSKB. I was well aware that Exchange had to be upgraded first. When I
tested OWA2003 from a client, it worked fine. This means after Exchange 2003
was upgraded "over the top" IIS was still working. As soon as I upgraded the
OS (from Win2000 to Win2003 server) the IIS service would no longer start,
and this is when I realised it was because port 443 wouldn't start, so IIS
just came up with an error about not starting. I only fumbled on to the
revelation that port 443 was blocking it, because the error message about
"IIS not starting" was not helpful. As soon as I realised 443 was stopping
IIS starting, I simply changed the SSL-setting in IIS properties to 444 and
it started fine. Now my problem is I need to get SSL working back on 443 as
it should (and was prior to the 2003 upgrade).
I'm confused because prior to upgrading to Win2003, IIS was fine. I had no
errors in starting it, and it served OWA2000 and then OWA2003 requests
perfectly. It was only after installing Win2003 server over the top that IIS
"broke" for want of a better explanation.
Any help greatly appreciated.
John.
"David Wang [Msft]" wrote:
> netstat -o
>
> should show the PID of the process that is listening on port 443, so check
> to see if there is a conflict.  svchost.exe should be the owner if IIS has
> it. If it is not IIS, then you need to take care of server configuration
> such that this is no longer a problem
>
>
> In general, I doubt that "Win2003 upgrade broke SSL" since as you noted, SSL
> wasn't even working before the upgrade, so I doubt there was anything to
> break.
>
> What I suspect is that you have some other program that is using port 443,
> and on upgrade, when Exchange tried to claim port 443 for SSL, it was unable
> to (since the port was already claimed by another application), and so IIS
> fails to start up that website (failure to claim binding for a website is
> sufficient reason to fail the website).  I am not certain that you will ever
> find posts with people talking about this sort of "problem" since it amounts
> to user error. If you configure multiple programs to use the same IP:Port
> binding, all but the first will fail, and the pattern will be different,
> depending on the application.
>
>
> -- 
> //David
> IIS
> http://blogs.msdn.com/David.Wang
> This posting is provided "AS IS" with no warranties, and confers no rights.
> //
> "Bernard" <qbernard@hotmail.com.discuss> wrote in message
> news:u9AVTpVHFHA.3588@TK2MSFTNGP14.phx.gbl...
> Who is the CA of the cert? Did you install the trusted root and
> intermediate root cert as well?
>
> Don't think this applies to w2k3, but you can refer to it:
> "Certificate Services Did Not Start" Message Appears in the Event Log Even
> Though the Certificate Services Component Starts Successfully
> http://support.microsoft.com/?id=822626
>
>
> -- 
> Regards,
> Bernard Cheah
> http://www.tryiis.com/
> http://support.microsoft.com/
> http://www.msmvps.com/bernard/
>
>
>
> "JohnF" <JohnF@discussions.microsoft.com> wrote in message
> news:93D0BCB4-C7CD-4499-937D-845A2A62CF95@microsoft.com...
> > All,
> >
> > I recently upgraded my Exchange 2000 server/Windows 2000. I installed
> > Exchange 2003 and then upgraded to Windows 2003 server.
> >
> > In doing so, it broke SSL. I'm not sure why or how a mere upgrade did
> > this, but it did - it could be my lack of knowledge with new features in
> > Windows 2003 server. I do remember specifically it wasn't the upgrade to
> > Exchange 2003 that broke it, it was only AFTER I ran the Windows 2003
> > Server upgrade installation. IIS manager would not let me start the
> > "default web page", which housed our intranet, because it could not start
> > SSL on port 443. Because we don't use SSL and only use internal webpages,
> > I simply changed the port to 444 in the interim. After applying this
> > change, the IIS service would then start, and it would serve both the
> > Intranet and OWA fine. It has been working fine like this, without SSL on
> > 443, for a couple of months.
> >
> > I have since discovered that some other service (?) might be starting
> > before IIS, and is binding the SSL port (0.0.0.0:443) first. It might be
> > "locking out" IIS from starting properly when you leave SSL on its default
> > port of 443. If you do a netstat, you discover port 443 is listening,
> > which I'm assuming is the problem.
> >
> > My problem is now I want to enable SSL on port 443, and I'm still not sure
> > what's stopping it from doing so. Because I've never needed to use SSL,
> > I've not bothered fixing it, but I need it now. I need to get IIS running
> > the default web page on port 443 and not on my temporary fix of port 444.
> >
> > If you have any ideas or suggestions, or have indeed experienced this
> > problem when upgrading Exchange 2000 - Exchange 2003, I'd love to hear
> > from you. Googling has given me few clues.
> >
> > Thanks.
> >
> > PS running SSL diags reveals the following problem if this helps. (it is
> > a hp server)
> >
> > Verifying server certificate, it might take a while...
> > #WARNING:Error 0x800b0109 : A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
> > Server certificate name: 10.1.1.1
> > Server certificate subject: C=US, O=Hewlett-Packard Company, CN=10.1.1.1
> > Server certificate issuer: C=US, O=Hewlett-Packard Company, CN=10.1.1.1
> > Server certificate validity: From 2/16/2004 4:03:45 PM To 2/13/2014 4:03:45 PM
> >
> >
> >
>
>
>
>
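
Added example, not part of the original thread: a small parser for saved `netstat` output that lists which PID is listening on a port. It also shows why the correction from `netstat -o` to `netstat -ano` matters: without `-a`, netstat prints only active connections, so a listener on 443 never appears. Both sample outputs, the PIDs and the function names are constructed for illustration.

```python
import re

HEADER = "Active Connections\n\n  Proto  Local Address    Foreign Address    State    PID\n"

# Constructed sample of `netstat -ano` output (all sockets, numeric, with PIDs).
WITH_A = HEADER + """\
  TCP    0.0.0.0:80       0.0.0.0:0          LISTENING      4
  TCP    0.0.0.0:443      0.0.0.0:0          LISTENING      1780
  TCP    10.1.1.1:444     0.0.0.0:0          LISTENING      4
  TCP    10.1.1.1:1044    10.1.1.20:443      ESTABLISHED    2212
  UDP    0.0.0.0:445      *:*                               4
"""

# Constructed sample of `netstat -o` output: no -a, so no LISTENING rows at all.
WITHOUT_A = HEADER + """\
  TCP    10.1.1.1:1044    10.1.1.20:443      ESTABLISHED    2212
"""

# Proto, local addr:port, foreign address, the literal state LISTENING, PID.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")


def listeners(netstat_text, port):
    """Return [(local_address, pid)] for TCP sockets LISTENING on `port`.

    Only the local port is compared, so an outbound connection *to* a
    remote port 443 (ESTABLISHED row above) is not mistaken for a listener.
    """
    found = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m and int(m.group(2)) == port:
            found.append((m.group(1), int(m.group(3))))
    return found


def other_owners(netstat_text, port, expected_pid):
    """Listeners on `port` owned by a PID other than the one you expect.

    `expected_pid` is an assumption supplied by the operator: the PID already
    identified as the web server's listener on this machine.
    """
    return [(addr, pid) for addr, pid in listeners(netstat_text, port)
            if pid != expected_pid]


if __name__ == "__main__":
    print("netstat -ano:", listeners(WITH_A, 443))
    print("netstat -o  :", listeners(WITHOUT_A, 443))
    print("unexpected  :", other_owners(WITH_A, 443, expected_pid=4))
```

Any PID returned by `other_owners` can be mapped to an image name with `tasklist /FI "PID eq <pid>"` on the server.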

