IIS 6 / SSL issue

I have a SBS 2003 server that, up until about 2 weeks ago, was serving my
companys Outlook Web and Remote Desktop services without issue.

Something apparnetly happened that is now preventing any SSL connections. I
can browse all HTTP virtual directories OK, but any site or directory that
requires SSL encryption gives me a "Page cannot be displayed" error. If I
clear the "Require secure channel (SSL)" checkbox, everything loads normally.

I found through some diagnosis, that SCHANNEL.DLL was missing from my
%Systemroot%\system32 folder. I put a copy of SCHANNEL.DLL from another SBS
2003 box into that folder, but my problems persist.

I ran SSLDiag and everything looks OK except for the following lines:

[ W3SVC/1 ]
#You have a private key that corresponds to this certificate
#WARNING: AcquireCredentialsHandle failed with error -2146893051(0x80090305)

[ W3SVC/1/ROOT/Remote ]
#WARNING:AccessSSL = True (resource inaccessible due to SSL does not work on
this website)
#WARNING:AccessSSL128 = True (resource inaccessible due to SSL does not work
on this website)

The info frame at the bottom of the SSLDiag program says something about
trying to install a new certificate, and if that doesn't work I may have some
DLL or crypto issue.

I don't quite understand the full funcion of SSL certificates, but I did
find one was installed, I think it was automatically generated during the
server installation. I used SSLDiag to generate a new certificate and applied
it, but this did not seem to change anything. I still received the same error
messages when running SSLDiag again.


Finally, I tried telnetting to the localhost @ 443 - no response.

I have a feeling that some important system file is missing or an incorrect
version. Where do I start to find it? Might removing and reinstalling IIS 6
help me?


TIA,

Daniel Stumpf

RE: IIS 6 / SSL issue

Check to make sure you have this security update installed: 835732
MS04-011: Security Update for Microsoft Windows
http://support.microsoft.com/?id=835732

I have seen this error when this update was not installed, once we
installed it and rebooted the server, then SSL worked.

Thank you,

Jackie Jaynes [MSFT]
Microsoft IIS
JackieJa@online.microsoft.com

Please do not send email directly to this alias. This
is our online account name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use. © 2001 Microsoft Corporation. All rights
reserved.

Re: IIS 6 / SSL issue

Error 0x80090305 is "the requested security package does not exist", which
may be related to missing schannel.dll

I'm not sure that just placing schannel.dll onto your box will be
sufficient. You can try the QFE that Jacqueline has suggested as it may have
an updated schannel.dll that will register itself when installed.

Cheers
Ken

"Daniel Stumpf" wrote in message
news:B691C750-B850-4BA1-BA37-5FCFF577514F@microsoft.com...
>I have a SBS 2003 server that, up until about 2 weeks ago, was serving my
> companys Outlook Web and Remote Desktop services without issue.
>
> Something apparnetly happened that is now preventing any SSL connections.
> I
> can browse all HTTP virtual directories OK, but any site or directory that
> requires SSL encryption gives me a "Page cannot be displayed" error. If I
> clear the "Require secure channel (SSL)" checkbox, everything loads
> normally.
>
> I found through some diagnosis, that SCHANNEL.DLL was missing from my
> %Systemroot%\system32 folder. I put a copy of SCHANNEL.DLL from another
> SBS
> 2003 box into that folder, but my problems persist.
>
> I ran SSLDiag and everything looks OK except for the following lines:
>
> [ W3SVC/1 ]
> #You have a private key that corresponds to this certificate
> #WARNING: AcquireCredentialsHandle failed with
> error -2146893051(0x80090305)
>
> [ W3SVC/1/ROOT/Remote ]
> #WARNING:AccessSSL = True (resource inaccessible due to SSL does not work
> on
> this website)
> #WARNING:AccessSSL128 = True (resource inaccessible due to SSL does not
> work
> on this website)
>
> The info frame at the bottom of the SSLDiag program says something about
> trying to install a new certificate, and if that doesn't work I may have
> some
> DLL or crypto issue.
>
> I don't quite understand the full funcion of SSL certificates, but I did
> find one was installed, I think it was automatically generated during the
> server installation. I used SSLDiag to generate a new certificate and
> applied
> it, but this did not seem to change anything. I still received the same
> error
> messages when running SSLDiag again.
>
>
> Finally, I tried telnetting to the localhost @ 443 - no response.
>
> I have a feeling that some important system file is missing or an
> incorrect
> version. Where do I start to find it? Might removing and reinstalling IIS
> 6
> help me?
>
>
> TIA,
>
> Daniel Stumpf