Microsoft KB Archive/904785

= You cannot enter a port number in the SSL port box in the Identification dialog box for a secondary HTTP protocol server in Exchange Server 2003 =

Article ID: 904785

Article Last Modified on 10/25/2007

-

APPLIES TO


 * Microsoft Exchange Server 2003 Enterprise Edition
 * Microsoft Exchange Server 2003 Standard Edition

-





SYMPTOMS
Consider the following scenario. You use Exchange System Manager to create a secondary HTTP protocol server in Microsoft Exchange Server 2003. Then, you enter a port number in the TCP port box in the Identification dialog box. In this scenario, you cannot enter a port number in the SSL port box in the Identification dialog box. The SSL port box is unavailable.



CAUSE
This issue occurs because you cannot enter the TCP port and the SSL port at the same time in the Identification dialog box.



RESOLUTION
To resolve this issue, follow these steps:
 * 1) Start Exchange System Manager.
 * 2) Expand Administrative Groups, expand  , expand Servers, and then expand  .
 * 3) Expand Protocols, expand HTTP, right-click the secondary HTTP virtual server that you created, and then click Properties.
 * 4) Click Advanced, and then click Add.
 * 5) If you want to add a specific IP address binding, click the appropriate IP address in the IP address list.

Do not type anything in the Host name box.
 * 1) Delete the number in the TCP port box. The SSL port box is now available.
 * 2) In the SSL port box, type 443, and then click OK.
 * 3) Click Yes, and then click OK two times.
 * 4) Quit Exchange System Manager.

After you perform this procedure, the SSL definition is set in Active Directory. The SSL definition is contained in the msExchSecureBinding attribute. To make SSL functional, you must use Microsoft Internet Information Services (IIS) Manager to apply the appropriate Web server certificate to the new HTTP protocol virtual server.

Important The SSL binding may be removed if either of the following conditions is true:
 * You do not use Exchange System Manager to set the msExchSecureBinding attribute in Active Directory.
 * You do not use a tool such as the Active Directory Service Interfaces (ADSI) editor to directly set the msExchSecureBinding attribute in Active Directory.

The SSL binding is removed if you use IIS Manager to set the msExchSecureBinding attribute. After the Exchange server is restarted or after an Exchange service is restarted, the value in the metabase is overwritten with the value in Active Directory.



MORE INFORMATION
This issue also applies to the default HTTP protocol servers that are created for use in an Exchange Server 2003-based cluster environment. In an Exchange Server 2003-based cluster environment, the default HTTP protocol servers are implemented as secondary HTTP protocol virtual servers.

The SSL settings on HTTP protocol servers that depend on the default Web site are configured in IIS Manager and not in Exchange System Manager. Therefore, these servers are not affected by this issue.

