Re: Intermittent SSL connection problems with IIS6 on Windows 2003 R2 SP2

Andrew,
The certificate looks fine. Both sites open fine from here.

If I disable javascript I don't get a menu. You seem to be using MenuMachine for Adobe GoLive.

Are you saying that those people who can't view the https default page can always view the http default page, or is it something more than that?

For people who fail over https, do you know if it still fails when they add you to their trusted sites? I am also wondering if it has something to do with proxy servers.

Anthony,
http://www.airdesk.co.uk



"Andrew Dancy" <adancy@xxxxxxxxx> wrote in message news:7df6a9f2-87ca-476d-a22e-0816b474fa8e@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I'm tearing my hair out over a really annoying problem with a website
hosted with IIS6 and would appreciate any help people can give.

We've just had to migrate a website from an old Windows 2000 machine
to a new Windows 2003 machine, and at the same time move it into a new
hosting facility. Now we're experiencing problems with some users
unable to use SSL to connect via https to our website. I'm not
completely sure whether it's a problem with IIS, Windows, the firewall
(a Cisco PIX) or the hosting facility, but I thought I'd start with
the former and try to eliminate those as potential causes first.

The website is at http://www.lovetts.co.uk and also at https://www.lovetts.co.uk
. Some of our clients have no problem using the https version.
However, others get an Internet Explorer 'page cannot be displayed'
when they try to access the SSL version. This seems to rule out a
certificate issue, as otherwise no-one would be able to see the site.
To be sure, I've had the certificate reissued and reinstalled.

The IIS6 logs don't show anything at all, and our firewall simply logs
a TCP reset, indicating either the client or the server dropped the
connection.

The clients experiencing problems have a mix of operating systems
(Windows 2000 and XP mostly) and a variety of IE versions (mainly 6 or
7) so there doesn't appear to be a common link there.

Has anyone seen anything like this before? Any ideas? Also, if there
is anyone that can't get to https://www.lovetts.co.uk and doesn't mind
doing a bit of diagnostic work (traceroutes, MTU checking, etc) then
I'd be grateful if they could reply or email me.

Andrew

.

Relevant Pages

  • Re: X509 and SSL
    ... When you enable SSL / HTTPS on a particular folder, ... If you need to authenticate your clients via signatures, ... >>> must i buy one certificate for sign response messages and one ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • Re: SSL Encryption
    ... > still connecting with HTTPS, ... But with real clients we do not want to use this mechanism. ... > We want to physically give the clients the certificate, ... > Thank you, Russ ...
    (microsoft.public.dotnet.general)
  • Re: SSL Encryption
    ... Thank you Kevin. ... still connecting with HTTPS, duh! ... But with real clients we do not want to use this mechanism. ... We want to physically give the clients the certificate, ...
    (microsoft.public.dotnet.general)
  • IE https certificate attack
    ... A flaw in Microsoft Internet Explorer allows an attacker to perform ... server name with the name stored in the certificate. ... There is a flaw in the way IE checks HTTPS objects that are embedded into ... I don't know the source code of the Internet Explorer I cannot check the ...
    (Bugtraq)
  • Re: IE https certificate attack
    ... How non-interactive ssl clients in EAI and web services software handle ... Subject: IE https certificate attack ...
    (Vuln-Dev)
Loading