Microsoft KB Archive/182712

= Err Msg: "Unable to Connect to " Over SSL Connection =

Article ID: 182712

Article Last Modified on 6/23/2005

-

APPLIES TO


 * Microsoft Internet Information Server 3.0

-



This article was previously published under Q182712



We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx



SYMPTOMS
On a Web site with a large number of concurrent users using Secure Sockets Layer (SSL), the client may randomly receive the following error message:

Unable to connect to '' a connection with the server could

not be established.

Refreshing the page can recover the session.



CAUSE
The more complex the page, the longer it takes to download the page; therefore, the fewer people who can enter the site at one time. If you have a site with complex pages, you will encounter this problem with only a small number of concurrent users more frequently than will a site with simpler pages.

This problem arises because each individual object on a page creates a separate session to download this object to the client. By default, the SSL component has only sufficient cache to maintain 100 sessions. This limitation is associated with the schannel component (Schannel.dll), used for SSL/PCT.



WORKAROUND
WARNING: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

For information about how to edit the registry, view the "Changing Keys And Values" Help topic in Registry Editor (Regedit.exe) or the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe. Note that you should back up the registry before you edit it.

To increase the size of the SSL server cache, modify the following registry entry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL

Value Name: ServerCache

Data Type: REG_DWORD

Data: 1000 (Default = 100)

Keywords: kbprb KB182712

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.