Article ID: 236936
Article Last Modified on 6/9/2006
APPLIES TO
- Microsoft Internet Information Server 4.0
- Microsoft Windows NT Server 4.0 Standard Edition
- Microsoft Windows NT Workstation 4.0 Developer Edition
- Microsoft Windows NT Server 4.0 Enterprise Edition
This article was previously published under Q236936
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
SYMPTOMS
When you delete a key certificate under Key Manager, the SSL port number that is specified for that key still exists on the Web Site tab of the Default Web Site Properties window. You may not be able to delete the port setting, even in the Web Site Identification's Advanced window. However, the server is still listening to that port.
CAUSE
The Default Web Site options under the Console Root and Key Manager are actually two separate programs. In this instance, the port binding information between the two utilities is not updated correctly.
RESOLUTION
Windows NT Server or Windows NT Workstation 4.0
To resolve this problem, obtain the latest service pack for Microsoft Windows NT 4.0. Or, obtain the individual software update. For more information about how to obtain the latest service pack for Windows NT 4.0, click the following article number to view the article in the Microsoft Knowledge Base:
152734 How to obtain the latest Windows NT 4.0 service pack
For more information, visit the following Microsoft Web site:
For information about how to obtain the individual software update, contact Microsoft Product Support Services. For a complete list of Microsoft Product Support Services phone numbers, and for information about support costs, visit the following Microsoft Web site:
Windows NT Server 4.0, Terminal Server Edition
To resolve this problem, obtain the latest service pack for Windows NT Server 4.0, Terminal Server Edition. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
152734 How to obtain the latest Windows NT 4.0 service pack
WORKAROUND
To work around this issue, use one of the following methods.
Method 1
Before you delete the key certificate by using the Key Manager utility, manually change the SSL port number to 0 on the Web Site tab in the Default Web Site Properties window. After you apply the change, open Key Manager, and then delete the key certificate.
Method 2
If you have already deleted the SSL key, you can remove the SecureBinding key in the metabase by using the Adsutil.vbs tool. To do this, follow these steps:
- Open a Command Prompt window.
- Navigate to the following directory:
c:\winnt\system32\inetsrv\adminsamples
- Run the following command:
cscript adsutil.vbs delete w3svc/
X/securebindingsNote In this command,
Xis the identifier for the Web site. For example, this command for the Default Web site is as follows:cscript adsutil.vbs delete w3svc/1/securebindings
STATUS
Microsoft has confirmed that this is a problem in Windows NT 4.0 and in Windows NT Server 4.0, Terminal Server Edition.
This problem was first corrected in Windows NT Server 4.0 Service Pack 6 and in Windows NT Server 4.0, Terminal Server Edition Service Pack 6.
MORE INFORMATION
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates
Additional query words: administration security 4.00
Keywords: kbbug kbnofix kbqfe KB236936
