Microsoft KB Archive/908209

= Internet Explorer 6 cannot use the Kerberos authentication protocol to connect to a Web site that uses a non-standard port in Windows XP and in Windows Server 2003 =

Article ID: 908209

Article Last Modified on 11/15/2007

-

APPLIES TO

 Microsoft Internet Explorer 6.0, when used with:  Microsoft Windows XP Professional

 Microsoft Windows XP Home Edition

 Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems

 Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems</li></ul>

 Microsoft Windows Server 2003, Datacenter x64 Edition</li></ul>

 Microsoft Windows Server 2003, Enterprise x64 Edition</li></ul>

 Microsoft Windows Server 2003, Standard x64 Edition</li></ul>

 Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)</li></ul>

 Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)</li></ul>

 Microsoft Windows Server 2003, Standard Edition (32-bit x86)</li></ul>

 Microsoft Windows Server 2003, Web Edition</li></ul> </li></ul>

-

<div class="notice_section">

Important This article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

322756 How to back up and restore the registry in Windows XP and Windows Vista

<div class="symptoms_section">

SYMPTOMS
Consider the following scenario:
 * The computer is running one of the following operating systems:
 * Windows XP
 * Windows Server 2003
 * The computer has Internet Information Services (IIS) installed.
 * You have two Web sites that have different ports and identities. These two Web sites are running on the same computer. For example, Web site 1 runs on port 80 under identity &quot;id1&quot; and Web site 2 runs on port 81 under identity &quot;id2”.
 * Both the Web sites use Kerberos authentication protocol version 5.
 * You use the Setspn utility to declare the Service Principal Name (SPN) for Web site 2.
 * You use the same host name to connect to Web site 1 and to Web site 2. You use Microsoft Internet Explorer 6 to make this connection.

For example, you use  to connect to Web site 1 and   to connect to Web site 2. In this example, you use the same  host name to connect to both Web sites.

In this scenario, Internet Explorer 6 can use the Kerberos protocol to connect to Web site 1. However, Internet Explorer 6 cannot use the Kerberos protocol to connect to Web site 2.

<div class="cause_section">

CAUSE
This problem occurs because the Wininet.dll file does not pass the port number of the target Web site when it calls the InitializeSecurityContext function to build the Kerberos ticket. This prevents Internet Explorer 6 from using the Kerberos protocol to connect to multiple Web sites that run on different ports under different identities.

<div class="resolution_section">

Hotfix information
A supported hotfix is now available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next service pack that contains this hotfix.

To resolve this problem, submit a request to Microsoft Online Customer Services to obtain the hotfix. To submit an online request to obtain the hotfix, visit the following Microsoft Web site:

http://go.microsoft.com/?linkid=6294451

Note If additional issues occur or any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. To create a separate service request, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=support

Prerequisites
No prerequisites are required.

Restart requirement
You must restart your computer after you apply this hotfix.

Hotfix replacement information
This hotfix does not replace any other hotfixes.

File information
The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

<div class="resolution_section">

Service pack information
To resolve this problem, obtain the latest service pack for Windows Server 2003. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

889100 How to obtain the latest service pack for Windows Server 2003

Prerequisites
No prerequisites are required.

Restart requirement
You must restart your computer after you apply this hotfix.

Hotfix replacement information
This hotfix does not replace any other hotfixes.

File information
The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

Windows Server 2003, x86-based versions
<div class="status_section">

STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.

<div class="moreinformation_section">

MORE INFORMATION
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Post-hotfix installation instructions
Note These steps should be applied on the client computer on which you try to open the Web page.

After you install the hotfix, you must add the  registry key, and then set its DWORD value to iexplore.exe. To do this, follow these steps.

For 32-bit computers
<ol> Click Start, click Run, type regedit, and then click OK.</li> In the left pane, locate and then click the following registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl

</li> <li>On the Edit menu, point to New, and then click Key.</li> <li>Type FEATURE_INCLUDE_PORT_IN_SPN_KB908209, and then press ENTER.</li> <li>On the Edit menu, point to New, and then click DWORD Value.</li> <li>Type iexplore.exe, and then press ENTER.</li> <li>On the Edit menu, click Modify.</li> <li>Type 1 in the Value data box, and then click OK.</li> <li>Exit Registry Editor.</li></ol>

For 64-bit computers
<ol> <li>Click Start, click Run, type regedit, and then click OK.</li> <li>In the left pane, locate and then click the following registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl

</li> <li>On the Edit menu, point to New, and then click Key.</li> <li>Type FEATURE_INCLUDE_PORT_IN_SPN_KB908209, and then press ENTER.</li> <li>On the Edit menu, point to New, and then click DWORD Value.</li> <li>Type iexplore.exe, and then press ENTER.</li> <li>On the Edit menu, click Modify.</li> <li>Type 1 in the Value data box, and then click OK.</li> <li>Exit Registry Editor.</li></ol>

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates

Keywords: kbwinserv2003sp2fix kbwinxpsp3fix kbwinxppresp3fix kbwinserv2003presp2fix kbbug kbfix kbhotfixserver kbqfe kbpubtypekc KB908209

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.