Microsoft KB Archive/165338

From BetaArchive Wiki
Knowledge Base


Article ID: 165338

Article Last Modified on 6/23/2005


APPLIES TO

  • Microsoft Internet Information Server 2.0
  • Microsoft Internet Information Server 3.0


This article was previously published under Q165338

We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx


SYMPTOMS

When you install a Secure Sockets Layer (SSL) Certificate and commit the changes, and you stop and restart the WWW service, you may get the following error message:

Winsock Error: Address already in use


NOTE: This error message will also appear when you run the QBIK Wingate Engine (as Service). This service is similar to Dialup Networking.

CAUSE

Because the SSL binding is the newly installed key to port 443 and does not allow anything else to use that specific port, the TCP port on IIS cannot use the same port as the SSL port.

Notes:

  • Some other Web Servers do allow a shared port, for example, Netscape Enterprise Server 2.0.
  • 443 is only an example port.


WORKAROUND

WARNING: Using Registry Editor incorrectly can cause serious, system-wide problems that may require you to reinstall Windows NT to correct them. Microsoft cannot guarantee that any problems resulting from the use of Registry Editor can be solved. Use this tool at your own risk.

Use the following steps to check to see if the ports are the same:

  1. In Internet Service Manager, go to WWW Properties and check TCP port value.

  2. Open Regedit or Regedt32 and go to following location:

       HKEY_LOCAL_MACHINE\CurrentControlSet\Services\W3SVC\Parameters
  3. Select the SecurePort key and get value in parenthesis (for example, 443).
  4. Check the two numbers (IIS TCP port and SecurePort) and verify that they are not the same. If they are duplicated, change the TCP port value in Internet Service Manager to port 90 or any other port that is not in use.

    This will correct this Winsock error and should allow IIS to be restarted again.

NOTE: To do this you must first make a backup of your key and then remove it from key manager. IIS will not restart until this has been done because SSL still has control of the port so the port value cannot be changed.

MORE INFORMATION

For information about changing the Secure Socket Layer port for Internet Information Server 4.0, see the following article in the Microsoft Knowledge Base:

171138 : Secure TCP Port Not Properly Specified


Keywords: kberrmsg KB165338



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/165338&oldid=85778
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki