
= The Internet Clients Cannot Access the Published Web Servers =

Article ID: 296620

Article Last Modified on 7/26/2007


APPLIES TO


 * Microsoft Internet Security and Acceleration Server 2000 Standard Edition




This article was previously published under Q296620



SYMPTOMS
Internet Security and Acceleration (ISA) Server can be configured to publish Web content to the Internet from Web servers that are located in an intranet. After you configure ISA Server to publish Web content, client computers that are located on the Internet may not be able to access the published content.



CAUSE
This behavior can occur because Internet Information Services (IIS) version 5.0 is installed by default when either Microsoft Windows 2000 Server or Microsoft Windows 2000 Advanced Server is installed. By default, IIS listens for incoming requests on Transmission Control Protocol (TCP) port 80 on all computer interfaces. However, only one service can listen on a single port at one time.

When the server is restarted and IIS binds to TCP port 80 before ISA Server can bind to it, any incoming requests are processed by IIS, not ISA Server. Because ISA Server does not receive the incoming request, the request is never proxied to the target Web server, and the request for content is unsuccessful.



RESOLUTION
To work around this behavior, use any of the following three methods:

 * If you host Web sites directly on ISA Server, you must instruct the IIS server not to bind on the external Internet Protocol (IP) address or addresses of ISA Server. Instead, you must bind all Web sites to the internal IP address or addresses of ISA Server, where you can use port 80. To do this, open the Internet Services Manager, open the properties for the Web sites to be published, and then change the IP address from "All Unassigned" to the internal IP address of ISA Server. This step, however, does not unbind the port from the public IP until you use the steps in the following article: 238131 How to Disable Socket Pooling
 * If you are not hosting Web sites directly on ISA Server by using IIS, disable the IIS service. This step can prevent IIS from binding to TCP ports 80 and 443 before ISA Server can bind to them. To disable IIS, in Control Panel, double-click Administrative Tools, and then double-click Services. Locate and double-click the World Wide Web Publishing service in the list of services. Set its "Startup Type" to "Disabled." Perform the same steps for the IIS Admin Service.
 * Change the port that IIS binds to when it starts. This step leaves TCP port 80 open for ISA Server to bind to. To change the port that IIS binds to, refer to the following article: 149605 How to Change the TCP Port for IIS Services
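To confirm that a workaround took effect, the listeners on TCP ports 80 and 443 can be checked in `netstat -an` output. The following is an added example, not part of the original article or any Microsoft tool: it assumes the usual four-column `netstat -an` layout, the sample output is constructed, and the addresses 192.0.2.10 (external) and 10.0.0.1 (internal) are placeholders. The output does not show which service owns a listener.

```python
WEB_PORTS = (80, 443)          # the two ports the article names

# Constructed `netstat -an` samples; 192.0.2.10 stands in for the external
# address of ISA Server and 10.0.0.1 for the internal one (both assumptions).
BEFORE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    192.0.2.10:80          198.51.100.7:1045      ESTABLISHED
"""
AFTER = """\
  Proto  Local Address          Foreign Address        State
  TCP    10.0.0.1:80            0.0.0.0:0              LISTENING
  TCP    192.0.2.10:80          0.0.0.0:0              LISTENING
  TCP    192.0.2.10:443         0.0.0.0:0              LISTENING
"""

def web_listeners(netstat_text):
    """Return [(ip, port)] for TCP sockets in LISTENING state on a web port."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue                      # header, UDP, or an established connection
        ip, _, port = fields[1].rpartition(":")
        if port.isdigit() and int(port) in WEB_PORTS:
            found.append((ip, int(port)))
    return found

def classify(netstat_text, external_ips):
    """Label each web listener by what it means for the external interface."""
    report = []
    for ip, port in web_listeners(netstat_text):
        if ip == "0.0.0.0":
            verdict = "ALL-INTERFACES"    # holds the port on the external IP too
        elif ip in external_ips:
            verdict = "EXTERNAL"          # owner must be confirmed to be ISA Server
        else:
            verdict = "INTERNAL-ONLY"     # leaves the external IP free
        report.append((port, ip, verdict))
    return sorted(report)

def still_blocked(netstat_text):
    """Ports where an all-interfaces listener still covers the external IP."""
    return sorted({p for ip, p in web_listeners(netstat_text) if ip == "0.0.0.0"})

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, classify(text, {"192.0.2.10"}), still_blocked(text))
```

An `ALL-INTERFACES` entry on port 80 or 443 that remains after the Web sites were rebound to the internal address matches the case the first method describes, where the port stays bound on the public IP until socket pooling is disabled.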





MORE INFORMATION
Any Secure Sockets Layer (SSL) requests on TCP port 443 are also affected by the behavior described in the Symptoms section of this article.

Keywords: kbenv kbprb KB296620


© Microsoft Corporation. All rights reserved.