Microsoft KB Archive/831167

= You cannot log on to a Web site or complete an Internet transaction, or you receive an HTTP 500 (Internal Server Error) Web page =

Article ID: 831167

Article Last Modified on 10/26/2005

-

APPLIES TO


 * Microsoft Internet Explorer 6.0

-



SYMPTOMS
You may not be able to log on to a Web site or complete an Internet transaction after you install the 832894 (MS04-004) security update. For example, when you submit your user name and password to an SSL-secured Web site by using a form on a HTTPS Web page, you may receive an HTTP 500 (Internal Server Error) Web page.



CAUSE
This problem may occur after you apply the 832894 security update (MS04-004) or the 821814 hotfix on a computer that runs Microsoft Windows XP, Windows 2000, Windows NT 4.0, Windows Millennium Edition, or Windows 98.

For additional information about these software updates, click the following article number to view the article in the Microsoft Knowledge Base:

832894 MS04-004: Cumulative security update for Internet Explorer

821814 You receive a &quot;page cannot be displayed&quot; error message when you post to a site that requires authentication

The 832894 security update (MS04-004) and the 821814 hotfix change how the Internet extensions for Windows (Wininet.dll) retries POST requests when a Web server resets the connection. Programs that use Windows Internet (Wininet) application programming interface (API) functions to post data (such as a user name or a password) to a Web server retry the POST request without including the POST data if the Web server closes (or resets) the initial connection request.

Note A POST request does not include POST data if its content length is set to 0 or is empty.

Sometimes, this behavior prevents another reset and permits authentication to complete. However, you may receive an HTTP 500 (Internal server error) Web page if the Web server must have the POST data included when Wininet retries the POST request.



Update information
To download and to install this update, visit the Microsoft Windows Update Web site, and then install critical update 831167:

http://windowsupdate.microsoft.com

Administrators can download this update from the Microsoft Download Center or from the Microsoft Windows Update Catalog to deploy to multiple computers. If you want to install this update later on one or more computers, search for this article ID number by using the Advanced Search Options feature in the Windows Update Catalog.

For additional information about how to download updates from the Windows Update Catalog, click the following article number to view the article in the Microsoft Knowledge Base:

323166 How to download Windows updates and drivers from the Windows Update Catalog

The following files are available for download from the Microsoft Download Center:

Download the Q831167.exe (32-bit) package now.

Download the Q831167.exe (64-bit) package now.

Release Date: February 12, 2004

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to Obtain Microsoft Support Files from Online Services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

Prerequisites
To install this update, you must be running Internet Explorer 6 SP1 (version 6.00.2800.1106) on one of the following versions of Windows:
 * Microsoft Windows XP Service Pack 1
 * Microsoft Windows XP 64-Bit Edition, Service Pack 1
 * Microsoft Windows XP
 * Microsoft Windows 2000 Service Pack 2, Service Pack 3, Service Pack 4
 * Microsoft Windows NT Workstation, Server, and Terminal Server Edition 4.0 Service Pack 6a
 * Microsoft Windows 98
 * Microsoft Windows 98 Second Edition
 * Microsoft Windows Millennium Edition

Note Because the 832894 (MS04-004) security update supports Windows 98, Windows 98 Second Edition, Windows Millennium Edition, and Windows 2000 SP2, this update will be also be supported on those operating systems.

Restart requirement
You must restart your computer after you apply this update.

Update replacement information
This update replaces 821814 for Windows XP, Windows 2000, Windows NT 4.0, Windows Millennium Edition, Windows 98 Second Edition, and Windows 98.

Note This update does not replace 821814 for Windows Server 2003 because the problem that is described in this article does not occur on Windows Server 2003-based computers.

Deployment information
The packages for this update support the following Setup switches:
 * /q : Use Quiet mode or suppress messages when the files are being extracted.
 * /q:u : Use User-Quiet mode. User-Quiet mode presents some dialog boxes to the user.
 * /q:a Use Administrator-Quiet mode. Administrator-Quiet mode does not present any dialog boxes to the user.
 * /t:  Specify the location of the temporary folder that is used by Setup or the target folder for extracting files (when using /c).
 * /c Extract the files without installing them. If /t:  is not specified, you are prompted for a target folder.
 * /c:  Specify the path and the name of the Setup .inf file or the .exe file.
 * /r:n Never restart the computer after installation.
 * /r:i Prompt the user to restart the computer if a restart is required, except when this switch is used with the /q:a switch.
 * /r:a Always restart the computer after installation.
 * /r:s Restart the computer after installation without prompting the user.
 * /n:v Do not check version. Use this switch with caution to install the update on any version of Internet Explorer.

For example, to install the update without any user intervention and without a restart, use the following command:

q831167.exe /q:a /r:n

File information
The English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.   Date         Time   Version        Size       File name    Platform ---  06-Feb-2004  18:05  6.0.2800.1405    588,288  Wininet.dll 07-Feb-2004 01:41  6.0.2800.1405  1,796,608  Wininet.dll  IA-64



WORKAROUND
If you cannot apply the update that is discussed in the Resolution section, you can use one of the following server-side actions to work around the problem:  Increase the HTTP keep-alive timeout interval on the Web server or the proxy server. There is no setting in Microsoft Internet Information Services (IIS) to control the keep-alive timeout other than the Windows registry KeepAliveTime value. But with some Web servers and some proxy servers, you can specify a connection expiration time. If you can specify a connection expiration time in the Web server or the proxy server, increase the keep-alive timeout interval. See your Web server documentation for the correct setting name and value. The default keep-alive timeout value for Internet Explorer is one minute (60 seconds). Therefore, you must use an HTTP keep-alive timeout interval on the Web server or the proxy server that is greater than one minute.

For additional information about the Windows KeepAliveInterval parameter, the Windows KeepAliveTime parameter, and the Internet Explorer KeepAliveTimeout parameter, click the following article numbers to view the articles in the Microsoft Knowledge Base:

314053 TCP/IP and NBT configuration parameters for Windows XP

120642 TCP/IP and NBT configuration parameters for Windows 2000 or Windows NT

813827 How to change the default keep-alive time-out value in Internet Explorer



 Disable the HTTP &quot;keep alive connections&quot; on the server. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

238210 HTTP keep-alive header sent whenever ASP buffering is enabled





STATUS
Microsoft has confirmed that this is a problem in Microsoft Internet Explorer 6.



MORE INFORMATION
Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

After you apply the 831167 software update that is described in this article, programs that use Wininet functions to post data to a Web server will resend complete POST requests when a connection with a Web server is reset.

To enable header-only post behavior, create a DWORD value named .exe, where   is the name of the executable file that runs the program. Set the DWORD value's value data to 1 in one of the following registry keys:  For all users of the program, set the value in the following registry key:

</li> For the current user of the program only, set the value in the following registry key:

</li></ul>

For example, to enable header-only post behavior in Internet Explorer and in Windows Explorer, create DWORD values for Iexplore.exe and for Explorer.exe in one of these registry keys, and then set their value data to 1.

Note To enable header-only post behavior for all programs that use Wininet functions to post data to a Web server, create a DWORD value named * to the same registry key, and set the value's value data to 1.

Keywords: kbhotfixserver kbqfe kbhotfixserver kbqfe atdownload kbie600sp2fix kbie600presp2fix kbfix kbbug KB831167

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.