Microsoft KB Archive/297608

{|
 * width="100%"|

IISlock.exe Security Tool May Break SSL Functionality on IIS 5.0

 * }

Q297608

-

The information in this article applies to:


 * Microsoft Internet Information Services version 5.0

-

SYMPTOMS
After you run Iislock.exe on an Internet Information Services (IIS) 5.0 Web server, the Secure Sockets Layer (SSL) functionality on the Web server may be broken.

CAUSE
The Microsoft Windows 2000 Internet Server Security Configuration Tool locks down the server by using Internet Protocol security (IPSec) and Windows 2000 security policies.

RESOLUTION
You can remove the IPsec restrictions by unassigning the IPSec Secure Web policy and configuring the computer with the default security policy settings. To do this, follow these steps:

Open Microsoft Management Console.

Click Console, click Add/Remove Snap-in, and then click Add.

Add the following to the console:


 * IP Security Policy Management
 * Security Configuration and Analysis
 * Security Templates

Close the Add Snap-in windows.

Click IP Security Policy Management.

Right-click SecureWeb policy and click Un-assign.

Right-click Security Configuration and Analysis and click Open Database.

Type Setup and click Open.

Select Setup Security.inf and click Open.

Right-click Security Configuration and Analysis and click Configure Computer Now.

On Error log file path, click OK.

Wait while the computer configures, and then restart the computer.

MORE INFORMATION
The following file is available for download from the Microsoft Download Center:

"IIS Lock Utility" NOTE: Use this utility with extreme caution. It is imperative that you read the Readme.txt file before you install this tool on the Web server.

Additional query words: IIS 5

Keywords :

Issue type : kbprb

Technology : kbiisSearch kbiis500