|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Install SSL on Default Website Affects Other websites???Can someone please tell me why I get a security certificate popup window on
all my other websites on my IIS server after installing SSL on the default website??? I am running windows 2003 server with IIS 6 and have all my websites installed with individual IP Addresses. However for some reason when I try to access any of the websites that are run from that IIS server I get the same Security Alert popup asking if I want to accept the certificate??? If I stop the default website it doesn't occur any more! I need to run SSL on the default website and not on the other websites can someone please help! Thank you! This wouldn't normally happen, so there must be something about your
configuration... If you look in the properties for all your other websites, is there a certificate configured (and SSL port) configured? What at the IP address/port bindings for all your sites? Cheers Ken Show quoteHide quote "Tim::.." <Tim@newsgroups.nospam> wrote in message news:27D5F1CD-43DD-4411-A164-FDB642987A98@microsoft.com... : Can someone please tell me why I get a security certificate popup window on : all my other websites on my IIS server after installing SSL on the default : website??? : : I am running windows 2003 server with IIS 6 and have all my websites : installed with individual IP Addresses. However for some reason when I try to : access any of the websites that are run from that IIS server I get the same : Security Alert popup asking if I want to accept the certificate??? : : If I stop the default website it doesn't occur any more! : : I need to run SSL on the default website and not on the other websites can : someone please help! : : Thank you! Hi Tim,
Thanks for posting! From your understanding, I'm not very clearly about the current issue. I understand collecting information will charge your time. However, this will help me to understand the issue very well. I appreciate your understanding. First, I want to know which way is used when the issue occurs, HTTP or HTTPS. Second, I suggest you check the configuration of SSL port for each site. If the settings is same, I recommend you set the port for each site as a distinguish number, such as 443, 444, 445 etc. Hope this will be helpful. If you have any concerns, please don't hesitate to let me know. Regards, Yuan Ren [MSFT] Microsoft Online Support Thank you for your post...
OK... This is how I have my sites configured... Default Website: HTTP: IP Address: 192.168.0.2 Port: 80 HTTPS: IP Address: 192.168.0.2 PORT: 443 Website 2: HTTP: IP Address: 192.168.0.3 Port: 80 HTTPS: No HTTPS Configured Website 3: HTTP: IP Address: 192.168.0.4 Port: 80 HTTPS: No HTTPS Configured I am not using Host Headers and can ping all the sites with there DNS name and it returns there correct IP Address. However when I enter the DNS Name for website 2 or website 3 (E.G: http://www.website1.com) I get a security alert asking me if I want to accept the certificate. If I say NO... The alert disappears and the site loads fine... If I turn off Annonymous Authentification on the Default Website I also get a windows logon popup when I open one of the other websites (E.G: If I go to http://www.website1.com I get the Security Alert certificate popup... I click NO and then I get a Windows Logon popup with the IP Address of the Default website at the top... Then click cancel... The website Website1 still loads fine!) WHY WHY WHY... Could it be a DNS error??? is the metabase corrupt??? Please be aware if I stop the "Default Website" website1 and Website2 load without any problem??? Any ideas... I'm desperate! Thanks! ""Yuan Ren[MSFT]"" wrote: Show quoteHide quote > Hi Tim, > > Thanks for posting! > > From your understanding, I'm not very clearly about the current issue. I > understand collecting information will charge your time. However, this will > help me to understand the issue very well. I appreciate your understanding. > > First, I want to know which way is used when the issue occurs, HTTP or > HTTPS. > Second, I suggest you check the configuration of SSL port for each site. If > the settings is same, I recommend you set the port for each site as a > distinguish number, such as 443, 444, 445 etc. > > Hope this will be helpful. If you have any concerns, please don't hesitate > to let me know. > > Regards, > > Yuan Ren [MSFT] > Microsoft Online Support > > I think it might be due to a DNS problem but I'm not sure what or how to fix
it??? When I do: NSLOOKUP www.website1.com I get the following results: Can't find server name for 192.168.0.2 non existant domain Server: Unknown Address: 192.168.0.2 Server: www.website1.com Address: 192.168.0.3 Maybe this will help! Thanks ""Yuan Ren[MSFT]"" wrote: Show quoteHide quote > Hi Tim, > > Thanks for posting! > > From your understanding, I'm not very clearly about the current issue. I > understand collecting information will charge your time. However, this will > help me to understand the issue very well. I appreciate your understanding. > > First, I want to know which way is used when the issue occurs, HTTP or > HTTPS. > Second, I suggest you check the configuration of SSL port for each site. If > the settings is same, I recommend you set the port for each site as a > distinguish number, such as 443, 444, 445 etc. > > Hope this will be helpful. If you have any concerns, please don't hesitate > to let me know. > > Regards, > > Yuan Ren [MSFT] > Microsoft Online Support > > Tim,
This is just getting confusing. In your immediately prior posts you said you had three websites: Default Web Site 192.168.0.2 Website2 192.168.0.3 Website3 192.168.0.4 Now you say you have website1? What is website1? Cheers Ken Show quoteHide quote "Tim::.." <Tim@newsgroups.nospam> wrote in message news:3EAB380C-C645-4296-9A99-06533787FFA3@microsoft.com... :I think it might be due to a DNS problem but I'm not sure what or how to fix : it??? : : When I do: NSLOOKUP www.website1.com : : I get the following results: : : Can't find server name for 192.168.0.2 non existant domain : Server: Unknown : Address: 192.168.0.2 : : Server: www.website1.com : Address: 192.168.0.3 : : Maybe this will help! : : Thanks : : : : ""Yuan Ren[MSFT]"" wrote: : : > Hi Tim, : > : > Thanks for posting! : > : > From your understanding, I'm not very clearly about the current issue. I : > understand collecting information will charge your time. However, this will : > help me to understand the issue very well. I appreciate your understanding. : > : > First, I want to know which way is used when the issue occurs, HTTP or : > HTTPS. : > Second, I suggest you check the configuration of SSL port for each site. If : > the settings is same, I recommend you set the port for each site as a : > distinguish number, such as 443, 444, 445 etc. : > : > Hope this will be helpful. If you have any concerns, please don't hesitate : > to let me know. : > : > Regards, : > : > Yuan Ren [MSFT] : > Microsoft Online Support : > : > Sorry I ment website2...
Type error... Show quoteHide quote "Ken Schaefer" wrote: > Tim, > > This is just getting confusing. In your immediately prior posts you said you > had three websites: > Default Web Site 192.168.0.2 > Website2 192.168.0.3 > Website3 192.168.0.4 > > Now you say you have website1? What is website1? > > Cheers > Ken > > > "Tim::.." <Tim@newsgroups.nospam> wrote in message > news:3EAB380C-C645-4296-9A99-06533787FFA3@microsoft.com... > :I think it might be due to a DNS problem but I'm not sure what or how to > fix > : it??? > : > : When I do: NSLOOKUP www.website1.com > : > : I get the following results: > : > : Can't find server name for 192.168.0.2 non existant domain > : Server: Unknown > : Address: 192.168.0.2 > : > : Server: www.website1.com > : Address: 192.168.0.3 > : > : Maybe this will help! > : > : Thanks > : > : > : > : ""Yuan Ren[MSFT]"" wrote: > : > : > Hi Tim, > : > > : > Thanks for posting! > : > > : > From your understanding, I'm not very clearly about the current issue. I > : > understand collecting information will charge your time. However, this > will > : > help me to understand the issue very well. I appreciate your > understanding. > : > > : > First, I want to know which way is used when the issue occurs, HTTP or > : > HTTPS. > : > Second, I suggest you check the configuration of SSL port for each site. > If > : > the settings is same, I recommend you set the port for each site as a > : > distinguish number, such as 443, 444, 445 etc. > : > > : > Hope this will be helpful. If you have any concerns, please don't > hesitate > : > to let me know. > : > > : > Regards, > : > > : > Yuan Ren [MSFT] > : > Microsoft Online Support > : > > : > > > > Hi,
If we leave the DNS names out completely (just to eliminate name resolution as a possible cause): If you go to https://192.168.0.3 do you get the certificate warning, and then the contents of the Default Web Site (once you click OK to get past the certificate warning)? Cheers Ken Show quoteHide quote "Tim::.." <Tim@newsgroups.nospam> wrote in message news:3FD0F630-0C66-4D75-A072-C2697FD033A8@microsoft.com... : Sorry I ment website2... : : Type error... : : "Ken Schaefer" wrote: : : > Tim, : > : > This is just getting confusing. In your immediately prior posts you said you : > had three websites: : > Default Web Site 192.168.0.2 : > Website2 192.168.0.3 : > Website3 192.168.0.4 : > : > Now you say you have website1? What is website1? : > : > Cheers : > Ken : > : > : > "Tim::.." <Tim@newsgroups.nospam> wrote in message : > news:3EAB380C-C645-4296-9A99-06533787FFA3@microsoft.com... : > :I think it might be due to a DNS problem but I'm not sure what or how to : > fix : > : it??? : > : : > : When I do: NSLOOKUP www.website1.com : > : : > : I get the following results: : > : : > : Can't find server name for 192.168.0.2 non existant domain : > : Server: Unknown : > : Address: 192.168.0.2 : > : : > : Server: www.website1.com : > : Address: 192.168.0.3 : > : : > : Maybe this will help! : > : : > : Thanks : > : : > : : > : : > : ""Yuan Ren[MSFT]"" wrote: : > : : > : > Hi Tim, : > : > : > : > Thanks for posting! : > : > : > : > From your understanding, I'm not very clearly about the current issue. I : > : > understand collecting information will charge your time. However, this : > will : > : > help me to understand the issue very well. I appreciate your : > understanding. : > : > : > : > First, I want to know which way is used when the issue occurs, HTTP or : > : > HTTPS. : > : > Second, I suggest you check the configuration of SSL port for each site. : > If : > : > the settings is same, I recommend you set the port for each site as a : > : > distinguish number, such as 443, 444, 445 etc. : > : > : > : > Hope this will be helpful. If you have any concerns, please don't : > hesitate : > : > to let me know. : > : > : > : > Regards, : > : > : > : > Yuan Ren [MSFT] : > : > Microsoft Online Support : > : > : > : > : > : > : > I get the same popup when using the IP Address so I guess it is the IIS
configuration... but what can it be??? It's almost as if the website is trying to use a component within the default website... It shouldn't though and didn't on any previous server... The funny thing is if I stop the default website with the certificate I don't get the popup on any other sites so it has to be due to something with the default website... Show quoteHide quote "Ken Schaefer" wrote: > Hi, > > If we leave the DNS names out completely (just to eliminate name resolution > as a possible cause): > > If you go to https://192.168.0.3 do you get the certificate warning, and > then the contents of the Default Web Site (once you click OK to get past the > certificate warning)? > > Cheers > Ken > > > "Tim::.." <Tim@newsgroups.nospam> wrote in message > news:3FD0F630-0C66-4D75-A072-C2697FD033A8@microsoft.com... > : Sorry I ment website2... > : > : Type error... > : > : "Ken Schaefer" wrote: > : > : > Tim, > : > > : > This is just getting confusing. In your immediately prior posts you said > you > : > had three websites: > : > Default Web Site 192.168.0.2 > : > Website2 192.168.0.3 > : > Website3 192.168.0.4 > : > > : > Now you say you have website1? What is website1? > : > > : > Cheers > : > Ken > : > > : > > : > "Tim::.." <Tim@newsgroups.nospam> wrote in message > : > news:3EAB380C-C645-4296-9A99-06533787FFA3@microsoft.com... > : > :I think it might be due to a DNS problem but I'm not sure what or how > to > : > fix > : > : it??? > : > : > : > : When I do: NSLOOKUP www.website1.com > : > : > : > : I get the following results: > : > : > : > : Can't find server name for 192.168.0.2 non existant domain > : > : Server: Unknown > : > : Address: 192.168.0.2 > : > : > : > : Server: www.website1.com > : > : Address: 192.168.0.3 > : > : > : > : Maybe this will help! > : > : > : > : Thanks > : > : > : > : > : > : > : > : ""Yuan Ren[MSFT]"" wrote: > : > : > : > : > Hi Tim, > : > : > > : > : > Thanks for posting! > : > : > > : > : > From your understanding, I'm not very clearly about the current > issue. I > : > : > understand collecting information will charge your time. However, > this > : > will > : > : > help me to understand the issue very well. I appreciate your > : > understanding. > : > : > > : > : > First, I want to know which way is used when the issue occurs, HTTP > or > : > : > HTTPS. > : > : > Second, I suggest you check the configuration of SSL port for each > site. > : > If > : > : > the settings is same, I recommend you set the port for each site as > a > : > : > distinguish number, such as 443, 444, 445 etc. > : > : > > : > : > Hope this will be helpful. If you have any concerns, please don't > : > hesitate > : > : > to let me know. > : > : > > : > : > Regards, > : > : > > : > : > Yuan Ren [MSFT] > : > : > Microsoft Online Support > : > : > > : > : > > : > > : > > : > > > > According to you, the other websites have no certificate and no port 443
binding. You should *not* be able to connect using HTTPS at all to these other sites. You should be getting a "Could not find server or DNS error" If you are able to connect to these other sites using HTTPS/SSL, and you get no prompt when you stop the default website, then the binding information you gave us before is wrong. Please review the binding information for all these other sites (e.g. dump the information from the metabase using adsutil.vbs to verify what IIS thinks the binding information is) Cheers Ken Show quoteHide quote "Tim::.." <Tim@newsgroups.nospam> wrote in message news:30329ECE-377D-47C4-9291-9337F5DFACF1@microsoft.com... :I get the same popup when using the IP Address so I guess it is the IIS : configuration... but what can it be??? : : It's almost as if the website is trying to use a component within the : default website... It shouldn't though and didn't on any previous server... : : The funny thing is if I stop the default website with the certificate I : don't get the popup on any other sites so it has to be due to something with : the default website... : : : : : "Ken Schaefer" wrote: : : > Hi, : > : > If we leave the DNS names out completely (just to eliminate name resolution : > as a possible cause): : > : > If you go to https://192.168.0.3 do you get the certificate warning, and : > then the contents of the Default Web Site (once you click OK to get past the : > certificate warning)? : > : > Cheers : > Ken : > : > : > "Tim::.." <Tim@newsgroups.nospam> wrote in message : > news:3FD0F630-0C66-4D75-A072-C2697FD033A8@microsoft.com... : > : Sorry I ment website2... : > : : > : Type error... : > : : > : "Ken Schaefer" wrote: : > : : > : > Tim, : > : > : > : > This is just getting confusing. In your immediately prior posts you said : > you : > : > had three websites: : > : > Default Web Site 192.168.0.2 : > : > Website2 192.168.0.3 : > : > Website3 192.168.0.4 : > : > : > : > Now you say you have website1? What is website1? : > : > : > : > Cheers : > : > Ken : > : > : > : > : > : > "Tim::.." <Tim@newsgroups.nospam> wrote in message : > : > news:3EAB380C-C645-4296-9A99-06533787FFA3@microsoft.com... : > : > :I think it might be due to a DNS problem but I'm not sure what or how : > to : > : > fix : > : > : it??? : > : > : : > : > : When I do: NSLOOKUP www.website1.com : > : > : : > : > : I get the following results: : > : > : : > : > : Can't find server name for 192.168.0.2 non existant domain : > : > : Server: Unknown : > : > : Address: 192.168.0.2 : > : > : : > : > : Server: www.website1.com : > : > : Address: 192.168.0.3 : > : > : : > : > : Maybe this will help! : > : > : : > : > : Thanks : > : > : : > : > : : > : > : : > : > : ""Yuan Ren[MSFT]"" wrote: : > : > : : > : > : > Hi Tim, : > : > : > : > : > : > Thanks for posting! : > : > : > : > : > : > From your understanding, I'm not very clearly about the current : > issue. I : > : > : > understand collecting information will charge your time. However, : > this : > : > will : > : > : > help me to understand the issue very well. I appreciate your : > : > understanding. : > : > : > : > : > : > First, I want to know which way is used when the issue occurs, HTTP : > or : > : > : > HTTPS. : > : > : > Second, I suggest you check the configuration of SSL port for each : > site. : > : > If : > : > : > the settings is same, I recommend you set the port for each site as : > a : > : > : > distinguish number, such as 443, 444, 445 etc. : > : > : > : > : > : > Hope this will be helpful. If you have any concerns, please don't : > : > hesitate : > : > : > to let me know. : > : > : > : > : > : > Regards, : > : > : > : > : > : > Yuan Ren [MSFT] : > : > : > Microsoft Online Support : > : > : > : > : > : > : > : > : > : > : > : > : > : > : > If your concern, making you think the issue is with DNS, is due to
> Can't find server name for 192.168.0.2 non existant domain then stop being concerned.> Server: Unknown > Address: 192.168.0.2 That is just nslookup saying I am using 192.168.0.2 as DNS server but I cannot find a DNS fully-qualified name for it as there is no PTR record in a reverse zone for that IP. Show quoteHide quote "Tim::.." <Tim@newsgroups.nospam> wrote in message news:3EAB380C-C645-4296-9A99-06533787FFA3@microsoft.com... >I think it might be due to a DNS problem but I'm not sure what or how to >fix > it??? > > When I do: NSLOOKUP www.website1.com > > I get the following results: > > Can't find server name for 192.168.0.2 non existant domain > Server: Unknown > Address: 192.168.0.2 > > Server: www.website1.com > Address: 192.168.0.3 > > Maybe this will help! > > Thanks > > > > ""Yuan Ren[MSFT]"" wrote: > >> Hi Tim, >> >> Thanks for posting! >> >> From your understanding, I'm not very clearly about the current issue. I >> understand collecting information will charge your time. However, this >> will >> help me to understand the issue very well. I appreciate your >> understanding. >> >> First, I want to know which way is used when the issue occurs, HTTP or >> HTTPS. >> Second, I suggest you check the configuration of SSL port for each site. >> If >> the settings is same, I recommend you set the port for each site as a >> distinguish number, such as 443, 444, 445 etc. >> >> Hope this will be helpful. If you have any concerns, please don't >> hesitate >> to let me know. >> >> Regards, >> >> Yuan Ren [MSFT] >> Microsoft Online Support >> >> 
Other interesting topics
Remember My Password checkbox
IIS6 on Win 2003 server ISAPI loadLibrary security problem no client-answer on challenge-msg (type2) About SSL security and IIS 6.0 The call to Server.CreateObject failed while checking permissions. Strange login issue SSL Performance problems when migrating to IIS6 IIS 6 problem Copy files from network share to WEB Server local directory We Pay 50%--100% Returns Monthly For 1 yearr on investment. You need to know this! |
|||||||||||||||||||||||
