Microsoft KB Archive/165338

= IIS Does Not Allow its TCP Port to Be Same as SSL Port =

Article ID: 165338

Article Last Modified on 6/23/2005

-

APPLIES TO


 * Microsoft Internet Information Server 2.0
 * Microsoft Internet Information Server 3.0

-



This article was previously published under Q165338



We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx



SYMPTOMS
When you install a Secure Sockets Layer (SSL) Certificate and commit the changes, and you stop and restart the WWW service, you may get the following error message:

Winsock Error: Address already in use

NOTE: This error message will also appear when you run the QBIK Wingate Engine (as Service). This service is similar to Dialup Networking.



CAUSE
Because the SSL binding is the newly installed key to port 443 and does not allow anything else to use that specific port, the TCP port on IIS cannot use the same port as the SSL port.

Notes:


 * Some other Web Servers do allow a shared port, for example, Netscape Enterprise Server 2.0.
 * 443 is only an example port.



WORKAROUND
WARNING: Using Registry Editor incorrectly can cause serious, system-wide problems that may require you to reinstall Windows NT to correct them. Microsoft cannot guarantee that any problems resulting from the use of Registry Editor can be solved. Use this tool at your own risk.

Use the following steps to check to see if the ports are the same:

 In Internet Service Manager, go to WWW Properties and check TCP port value.  Open Regedit or Regedt32 and go to following location:   HKEY_LOCAL_MACHINE\CurrentControlSet\Services\W3SVC\Parameters

 Select the SecurePort key and get value in parenthesis (for example, 443). Check the two numbers (IIS TCP port and SecurePort) and verify that they are not the same. If they are duplicated, change the TCP port value in Internet Service Manager to port 90 or any other port that is not in use.

This will correct this Winsock error and should allow IIS to be restarted again.

NOTE: To do this you must first make a backup of your key and then remove it from key manager. IIS will not restart until this has been done because SSL still has control of the port so the port value cannot be changed.

<div class="moreinformation_section">

MORE INFORMATION
For information about changing the Secure Socket Layer port for Internet Information Server 4.0, see the following article in the Microsoft Knowledge Base:

171138 : Secure TCP Port Not Properly Specified

Keywords: kberrmsg KB165338

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.