Microsoft KB Archive/292296

= &quot;Cannot find server&quot; or &quot;DNS&quot; Errors When Using SSL (Q & A) =

Article ID: 292296

Article Last Modified on 11/21/2006

-

APPLIES TO


 * Microsoft Internet Information Services 5.0

-



This article was previously published under Q292296



SUMMARY
The &quot;Cannot find server&quot; or &quot;DNS error&quot; browser error messages are symptoms of several different problems. This article lists some of the more common reasons this error may occur when the Web site is using Secure Sockets Layer (SSL) and is therefore accessed by using https://.



MORE INFORMATION
 Was the Web server certificate part of an export or import process? There is a known problem during the import process in which the wrong cryptographic service provider (CSP) is chosen. You may also see an Schannel Event ID: 36871 message. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

261655 Cannot Make an SSL Connection After Exporting and Importing an Server Certificate

 Is the Web Server running Windows 2000, and has the Web server certificate recently renewed? The usual renewal process involves sending a renewal request to the Web server certificate issuer (that is, a Certificate Authority such as VeriSign, Netscape, or Microsoft.) A fix has been developed that ensures that a standard PKCS10-formatted renewal request is created. For more information, see the following Knowledge Base article:

262979 Cannot Renew Verisign Certificates in IIS 5.0

 Is the Sspifilt.dll file loaded on the IIS master properties ISAPI Filter tab? If not, add the Sspifilt.dll name and the \Winnt\System32\Inetsrv\Sspifilt.dll execution path to the IIS master properties ISAPI Filter tab.

 Were any changes made to the IIS computer or Web site while a certificate request was pending? (For example, a certificate request was generated and sent to VeriSign. Before the certificate was installed, a service pack was applied, the high encryption pack was installed, or the Web site bindings were changed.) If so, you must generate a new certificate request. It is important that you do not change anything while a certificate request is pending.

 Does the Web site have a secure identity? To confirm this, follow these steps:

 Make sure that the Web site is bound to a secure port.  From the Microsoft Management Console (MMC), right-click the Web site and click Properties.</li> On the Web Site tab, note the IP address (this may be All Unassigned) and SSL port.NOTE: If the SSL port is blank, type 443 and restart the IIS service. If the port is dimmed, a server certificate has not been successfully installed. For more information, see the following Knowledge Base article:

228836 Installing a New Certificate with Certificate Wizard for Use in SSL/TLS

</li></ol> </li> Confirm that the Web site is correctly bound to the network card. <ol style="list-style-type: lower-alpha;"> From a command prompt, type netstat -an .</li> If the Web site was bound to the All Unassigned IP address and SSL port 443, verify that the Local Address entry is 0.0.0.0:443.

If the Web site was bound to a specific IP address (for example, 172.26.207.120) and SSL port 443, verify that the Local Address entry is IPaddress:443 (for example, 172.26.207.120:443).</li></ol> </li></ol> </li></ul>

Keywords: kbfaq KB292296

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.