SSL Processes on IIS 6

SSL Processes on IIS 6

am 18.09.2007 04:52:05 von Nick

Greetings. Hoepfully someone here can help me with this.

I have an IIS server with multiple IP Addresses assigned: every site gets
its' own IP Address.

Additionally, I am also running Citrix Secure Gateway. It too is assigned a
static IP Address and is listening on port 443. The secure gateway has its'
own certificate that is not used by any other process.

A new web application is going to be deployed to this server and it will
require SSL.

The problem I am having is that IIS 6 is completely ignoring the specific IP
Address:Port binding I am assigning to the site. As it usually does right out
of the box, IIS is attempting to take over all IP Addresses instead of those
that are assigned.

On IIS 5, the solution was simple: exceute adsutil.vbs and disable socket
pooling. (I currenlty have a server running IIS 5 with Apache Tomcat and they
both have SSL listeners attached only to the IP Addresses they are assigned
to).

I've tried the same trick with IIS 6 to no avail.
I've also used httpcfg.exe to assign the available IP Addresses; however,
nothing seems to work, IIS still keeps trying to attach and SSL listener on
0.0.0.0.

Does anyone here have a solution to this problem?
If worse comes to worst, I'll simply transplant the entire website to an IIS
5 server.
Thank you.

Re: SSL Processes on IIS 6

am 18.09.2007 06:00:10 von Kristofer Gafvert

Hi,

You should use httpcfg.exe to set the IP addresses IIS should bind to.
After you have done this, you need to restart IIS. This should work, I
have done it many times and never encountered any problems.


"Setting metabase property DisableSocketPooling has no effect"
http://support.microsoft.com/kb/813368


--
Regards,
Kristofer Gafvert
http://www.gafvert.info/iis/ - IIS Related Info


Nick wrote:

>Greetings. Hoepfully someone here can help me with this.
>
>I have an IIS server with multiple IP Addresses assigned: every site gets
>its' own IP Address.
>
>Additionally, I am also running Citrix Secure Gateway. It too is assigned a
>static IP Address and is listening on port 443. The secure gateway has its'
>own certificate that is not used by any other process.
>
>A new web application is going to be deployed to this server and it will
>require SSL.
>
>The problem I am having is that IIS 6 is completely ignoring the specific
>IP
>Address:Port binding I am assigning to the site. As it usually does right
>out
>of the box, IIS is attempting to take over all IP Addresses instead of
>those
>that are assigned.
>
>On IIS 5, the solution was simple: exceute adsutil.vbs and disable socket
>pooling. (I currenlty have a server running IIS 5 with Apache Tomcat and
>they
>both have SSL listeners attached only to the IP Addresses they are assigned
>to).
>
>I've tried the same trick with IIS 6 to no avail.
>I've also used httpcfg.exe to assign the available IP Addresses; however,
>nothing seems to work, IIS still keeps trying to attach and SSL listener on
>0.0.0.0.
>
>Does anyone here have a solution to this problem?
>If worse comes to worst, I'll simply transplant the entire website to an
>IIS
>5 server.
>Thank you.