Microsoft KB Archive/236936

= FIX: Removing SSL key leaves behind undeletable port =

Article ID: 236936

Article Last Modified on 6/9/2006

-

APPLIES TO


 * Microsoft Internet Information Server 4.0
 * Microsoft Windows NT Server 4.0 Standard Edition
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Server 4.0 Enterprise Edition

-



This article was previously published under Q236936



We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx



SYMPTOMS
When you delete a key certificate under Key Manager, the SSL port number that is specified for that key still exists on the Web Site tab of the Default Web Site Properties window. You may not be able to delete the port setting, even in the Web Site Identification's Advanced window. However, the server is still listening to that port.



CAUSE
The Default Web Site options under the Console Root and Key Manager are actually two separate programs. In this instance, the port binding information between the two utilities is not updated correctly.



Windows NT Server or Windows NT Workstation 4.0
To resolve this problem, obtain the latest service pack for Microsoft Windows NT 4.0. Or, obtain the individual software update. For more information about how to obtain the latest service pack for Windows NT 4.0, click the following article number to view the article in the Microsoft Knowledge Base:

152734 How to obtain the latest Windows NT 4.0 service pack

For more information, visit the following Microsoft Web site:

http://support.microsoft.com/default.aspx?pr=ntw40

For information about how to obtain the individual software update, contact Microsoft Product Support Services. For a complete list of Microsoft Product Support Services phone numbers, and for information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS



Windows NT Server 4.0, Terminal Server Edition
To resolve this problem, obtain the latest service pack for Windows NT Server 4.0, Terminal Server Edition. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

152734 How to obtain the latest Windows NT 4.0 service pack



WORKAROUND
To work around this issue, use one of the following methods.

Method 1
Before you delete the key certificate by using the Key Manager utility, manually change the SSL port number to 0 on the Web Site tab in the Default Web Site Properties window. After you apply the change, open Key Manager, and then delete the key certificate.

Method 2
If you have already deleted the SSL key, you can remove the SecureBinding key in the metabase by using the Adsutil.vbs tool. To do this, follow these steps:  Open a Command Prompt window. Navigate to the following directory:

c:\winnt\system32\inetsrv\adminsamples

 Run the following command:

cscript adsutil.vbs delete w3svc/ /securebindings

Note In this command,  is the identifier for the Web site. For example, this command for the Default Web site is as follows:

cscript adsutil.vbs delete w3svc/1/securebindings





STATUS
Microsoft has confirmed that this is a problem in Windows NT 4.0 and in Windows NT Server 4.0, Terminal Server Edition.

This problem was first corrected in Windows NT Server 4.0 Service Pack 6 and in Windows NT Server 4.0, Terminal Server Edition Service Pack 6.

<div class="moreinformation_section">

MORE INFORMATION
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates

Additional query words: administration security 4.00

Keywords: kbbug kbnofix kbqfe KB236936

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.