Microsoft KB Archive/324839

From BetaArchive Wiki
Knowledge Base


Article ID: 324839

Article Last Modified on 11/21/2006



APPLIES TO

  • Microsoft Internet Information Services 5.0
  • Microsoft Internet Information Server 4.0



This article was previously published under Q324839

We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry


SYMPTOMS

When you use https to open a Web site that has Secure Sockets Layer (SSL) enabled in Internet Information Server (IIS) 4.0 or Internet Information Services (IIS) 5.0, the browser stops responding (hangs) after the SSL handshake. The system log shows the following event:

Event Source: W3svc
Event ID: 23
Event Type: information
Description:
For compatibility with previous versions of IIS, the filter '<drive>\winroot\System32\Inetsrv\Sspifilt.dll' was loaded as a global filter from the registry. To control the filter with the Internet Service Manager, remove the filter from the registry and add it as a global filter with Internet Service Manager. Filters in the registry are stored at "HKLM\System\CurrentControlSet\Services\W3Svc\Parameters\Filter DLLs".

CAUSE

To enable SSL for Web sites in IIS 4.0 and IIS 5.0, the Web sites must have the Sspifilt.dll global filter loaded from the Internet Service Manager instead of from the registry.

RESOLUTION

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

  1. Make sure that Sspifilt.dll is not loaded in the legacy W3SVC registry entry:
    1. Click Start, click Run, and then type regedt32.
    2. In the left pane of Registry Editor, locate the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W3SVC\Parameters registry key.
    3. In the right pane, double-click Filter DLLs to display the string value.
    4. Delete the path entry for Sspifilt.dll. By default, this is <Windows directory>\System32\Inetsrv\Sspifilt.dll.
    5. Click OK to close Registry Editor.
  2. Reload the Sspifilt filter:
    1. Open the Internet Services Manager.
    2. In the left pane, right-click the server name, and then click Properties.
    3. Under Master Properties, select WWW Service, and then click Edit.
    4. Click the ISAPI Filters tab.
    5. In the list of installed filters, look for Sspifilt. If it is listed, you can skip the remaining steps.
    6. If Sspifilt is not listed, click Add.
    7. In the Filter Properties dialog box, type sspifilt for Filter Name and <Windows directory>\system32\Inetsrv\Sspifilt.dll for Executable. Then click OK three times to return to the Internet Services Manager window.
    8. At a command prompt, type net stop iisadmin /y. This stops IIS and its dependent services.
    9. At a command prompt, type net start w3svc. This starts the IIS Admin service and the World Wide Web Publishing service. You may have to start other dependent services manually.
    10. Repeat steps 1 through 5 of this procedure and verify that the status of the Sspifilt filter is now shown with a green upward-pointing arrow. Also, verify that the filter has a high priority. If it is not the first filter listed, use the up arrow to the left of the filter list to move it to the top.
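
A read-only check for step 1 of the resolution, added here as an example and not part of the original KB article: it reports whether the legacy Filter DLLs value still references Sspifilt.dll. It assumes reg.exe is available (built into Windows XP and later; on Windows 2000 it comes with the Support Tools), and the temporary file name is arbitrary.

```batch
@echo off
rem Added example, not from the KB article.
rem Read-only: queries the legacy W3SVC "Filter DLLs" value and reports
rem whether Sspifilt.dll is still loaded from the registry. Changes nothing.
rem Assumption: reg.exe is on the PATH (see the note above the script).
setlocal
set "KEY=HKLM\System\CurrentControlSet\Services\W3SVC\Parameters"
set "OUT=%TEMP%\w3svc_filterdlls.txt"

rem Dump the value to a temporary file; reg.exe returns non-zero if it is absent.
reg query "%KEY%" /v "Filter DLLs" > "%OUT%" 2>nul
if errorlevel 1 (
    echo No "Filter DLLs" value found under %KEY%.
    echo Nothing is loaded from the legacy registry entry.
    goto :cleanup
)

rem Case-insensitive literal match on the DLL file name.
findstr /i /c:"sspifilt.dll" "%OUT%" >nul
if errorlevel 1 (
    echo OK: Sspifilt.dll is not listed in the legacy "Filter DLLs" value.
) else (
    echo FOUND: Sspifilt.dll is still loaded from the registry:
    type "%OUT%"
    echo Delete that path entry as described in step 1, then confirm the
    echo filter on the ISAPI Filters tab in Internet Services Manager.
)

:cleanup
if exist "%OUT%" del "%OUT%"
endlocal
```

Run it again after the net stop iisadmin /y and net start w3svc steps to confirm that the entry is gone before you check the filter status in Internet Services Manager.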


REFERENCES

For additional information about this problem when you are using IIS 4.0, click the article number below to view the article in the Microsoft Knowledge Base:

289582 HTTPS Connections Fail After You Upgrade to Windows NT 4.0 Option Pack (IIS 4.0) and Enable SSL


