| Groups | Blog | Home |
iis security : Page cannont be displayed ... Cannot find server or DNS error - I'VE TRIED EVERYTHING !!!
When attempting to get a Web Page from a SSL Web Site on IIS 5
using IE6 SP1 located on the same computer as the Web Server I get the following error: "Page Cannont be Displayed ... Cannot Find Server or DNS Error" Read on before you respond!!! When I try: http://10.1.1.80 I get the Web Page http://sitename.domain.com I get the Web Page https://10.1.1.80 I get the Web Page however I also get a warning that certificate is invalid or there is a name mismatch the installed certificate's commion name is sitename.domain.com (error is expected) https://sitename.domain.com I get "Page cannot be Displayed .." System is W2K with SP4, IE6 Sp1, IIS 5, all available updates from Windows Update Service - nothing else - all newly installed. Web site is 2nd Website and has Certificate from Enterprise Root CA. Certificate appears to work using IP address - not DNS/common name. Default Web site is installed and active. It has no certificate. Web site content is a simple HTML file that has been assigned as the default document. The DNS/Common name sitename.domain.com is resolvable from both the intranet as well as the internet - nslookup reports the approppriate IP addresses in each case. The DNS/Cmmon name sitename.domain.com is not the same as hostname.domain.com. The behavior is the same when I attempt to get the Web Page from an another host on the internet. I have reviewed the issue on the Newsgroups and have attempted the following: KB290391 Removed the SSL (443) binding from default Web Site. KB259349 Disabled Socket Pooling. KB292296 Assured that sspifilt.dll is listed in Master Properties. KB324839 Assured that sspifilt.dll is NOT listed in the Registry. KB292296 Assured that SSL Post is entered as 443. KB292296 Assured that 0.0.0.0:443 not bound to All Unassigned. KB292296 Assured that 10.1.1.80:443 web site address is bound to SSL. KB260096 Assigned and removed a certificate on the Default Web Site. Finally I tried the sequence described in KB265847, KB228821, and KB228836. This resulted in a certificate issued to IWAM_CERTSERVERNAME rather than sitename.domain.com. Obviously it didn'y work. I ran both SSLDiag/Simulate SSL Handshake and wfetch. They both appear to work?? The results are included below I changed the actual site name and domain name. wfetch ================================= started....resolve hostname "sitename.domain.com"WWWConnect::Connect("10.6.21.80","443")\n source port: 2598\r\n REQUEST: **************\nGET / HTTP/1.1\r\n Host: sitename.domain.com\r\n Accept: */*\r\n \r\n RESPONSE: **************\nHTTP/1.1 200 OK\r\n Server: Microsoft-IIS/5.0\r\n X-Powered-By: ASP.NET\r\n Content-Location: https://sitename.domain.com/Default.htm\r\n Date: Tue, 02 Nov 2004 20:08:37 GMT\r\n Content-Type: text/html\r\n Accept-Ranges: bytes\r\n Last-Modified: Mon, 01 Nov 2004 19:43:07 GMT\r\n ETag: "aacc9124bc0c41:d8f"\r\n Content-Length: 546\r\n \r\n <HTML>\r\n <HEAD>\r\n <META HTTP-EQUIV="Pragma" CONTENT="no-cache">\r\n <META HTTP-EQUIV="Expires" CONTENT="-1">\r\n <META HTTP-EQUIV="Cache-Control" CONTENT="Private">\r\n <META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">\r\n <META HTTP-EQUIV="Content-Type" content="text/html; charset=iso-8859-1">\r\n <TITLE>High Aspect Development</TITLE>\r\n </HEAD>\r\n <BODY>\r\n <Center>\r\n <p><font face="Comic Sans MS" size="6">High Aspect Development</font></p>\r\n <p align="center"><font face="Comic Sans MS" size="3">Default Page</font></p>\r\n </CENTER>\r\n </BODY>\r\n </HTML>\r\n \r\n finished. SSLDiag: ===================================================== System time: Tue, 02 Nov 2004 19:46:01 GMT Connecting to 10.6.21.80:443 Connected Handshake: 78 bytes sent Handshake: 2000 bytes received Handshake: 118 bytes sent Handshake: 43 bytes received Handshake succeeded Verifying server certificate, it might take a while... Server certificate name: sitename.domain.com Server certificate subject: C=US, S=Indiana, L=Ogden Dunes, O=High Aspect Development, OU=Report Server, CN=sitename.domain.com Server certificate issuer: E=dan@domain.com, C=US, S=IN, L=Ogden Dunes, O=High Aspect Development Corporation, OU=High Aspect, CN=High Aspect Enterprise Certificate Authority Server certificate validity: From 11/2/2004 11:20:05 AM To 11/2/2006 11:20:05 AM HTTPS request: GET / HTTP/1.0 User-Agent: SSLDiag Accept:*/* HTTPS: 72 bytes of encrypted data sent HTTPS: 340 bytes of encrypted data received HTTP/1.1 200 OK Server: Microsoft-IIS/5.0 X-Powered-By: ASP.NET Content-Location: https://10.6.21.80/Default.htm Date: Tue, 02 Nov 2004 19:46:01 GMT Content-Type: text/html Accept-Ranges: bytes Last-Modified: Mon, 01 Nov 2004 19:43:07 GMT ETag: "aacc9124bc0c41:d8f" Content-Length: 546 HTTPS: 588 bytes of encrypted data received <HTML> <HEAD> <META HTTP-EQUIV="Pragma" CONTENT="no-cache"> <META HTTP-EQUIV="Expires" CONTENT="-1"> <META HTTP-EQUIV="Cache-Control" CONTENT="Private"> <META HTTP-EQUIV="Cache-Control" CONTENT="no-cache"> <META HTTP-EQUIV="Content-Type" content="text/html; charset=iso-8859-1"> <TITLE>High Aspect Development</TITLE> </HEAD> <BODY> <Center> <p><font face="Comic Sans MS" size="6">High Aspect Development</font></p> <p align="center"><font face="Comic Sans MS" size="3">Default Web Page</font></p> </CENTER> </BODY> </HTML> HTTPS: server disconnected Final handshake: 23 bytes sent successfully It seems that I've tried everything?? Any help, ideas??
Have port 443 set in the SSL port #?
[quoted text, click to view] "Daniel J. Reynolds" <aspect@crown_dot_net> wrote in message news:6erfo05anqckl4fgkj13j4v5d8d078dj0n@4ax.com... > When attempting to get a Web Page from a SSL Web Site on IIS 5 > using IE6 SP1 located on the same computer as the Web Server > I get the following error: > > "Page Cannont be Displayed ... Cannot Find Server or DNS Error" > > Read on before you respond!!! > > When I try: > > http://10.1.1.80 I get the Web Page > http://sitename.domain.com I get the Web Page > https://10.1.1.80 I get the Web Page > however I also get a warning that certificate is invalid or > there is a name mismatch > the installed certificate's commion name is > sitename.domain.com (error is expected) > https://sitename.domain.com I get "Page cannot be Displayed .." > > System is W2K with SP4, IE6 Sp1, IIS 5, all available updates > from Windows Update Service - nothing else - all newly installed. > > Web site is 2nd Website and has Certificate from Enterprise Root CA. > Certificate appears to work using IP address - not DNS/common name. > > Default Web site is installed and active. It has no certificate. > > Web site content is a simple HTML file that has been assigned as the > default document. > > The DNS/Common name sitename.domain.com is resolvable from both the > intranet as well as the internet - nslookup reports the approppriate > IP addresses in each case. > > The DNS/Cmmon name sitename.domain.com is not the same as > hostname.domain.com. > > The behavior is the same when I attempt to get the Web Page from > an another host on the internet. > > I have reviewed the issue on the Newsgroups and have attempted the > following: > > KB290391 Removed the SSL (443) binding from default Web Site. > KB259349 Disabled Socket Pooling. > KB292296 Assured that sspifilt.dll is listed in Master Properties. > KB324839 Assured that sspifilt.dll is NOT listed in the Registry. > KB292296 Assured that SSL Post is entered as 443. > KB292296 Assured that 0.0.0.0:443 not bound to All Unassigned. > KB292296 Assured that 10.1.1.80:443 web site address is bound to SSL. > KB260096 Assigned and removed a certificate on the Default Web Site. > > Finally I tried the sequence described in KB265847, KB228821, and > KB228836. This resulted in a certificate issued to > IWAM_CERTSERVERNAME rather than > sitename.domain.com. Obviously it didn'y work. > > I ran both SSLDiag/Simulate SSL Handshake and wfetch. > They both appear to work?? The results are included below > I changed the actual site name and domain name. > > wfetch > ================================= > started....resolve hostname > "sitename.domain.com"WWWConnect::Connect("10.6.21.80","443")\n > source port: 2598\r\n > REQUEST: **************\nGET / HTTP/1.1\r\n > Host: sitename.domain.com\r\n > Accept: */*\r\n > \r\n > RESPONSE: **************\nHTTP/1.1 200 OK\r\n > Server: Microsoft-IIS/5.0\r\n > X-Powered-By: ASP.NET\r\n > Content-Location: https://sitename.domain.com/Default.htm\r\n > Date: Tue, 02 Nov 2004 20:08:37 GMT\r\n > Content-Type: text/html\r\n > Accept-Ranges: bytes\r\n > Last-Modified: Mon, 01 Nov 2004 19:43:07 GMT\r\n > ETag: "aacc9124bc0c41:d8f"\r\n > Content-Length: 546\r\n > \r\n > <HTML>\r\n > <HEAD>\r\n > <META HTTP-EQUIV="Pragma" CONTENT="no-cache">\r\n > <META HTTP-EQUIV="Expires" CONTENT="-1">\r\n > <META HTTP-EQUIV="Cache-Control" CONTENT="Private">\r\n > <META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">\r\n > <META HTTP-EQUIV="Content-Type" content="text/html; > charset=iso-8859-1">\r\n > <TITLE>High Aspect Development</TITLE>\r\n > </HEAD>\r\n > <BODY>\r\n > <Center>\r\n > <p><font face="Comic Sans MS" size="6">High Aspect > Development</font></p>\r\n > <p align="center"><font face="Comic Sans MS" size="3">Default > Page</font></p>\r\n > </CENTER>\r\n > </BODY>\r\n > </HTML>\r\n > \r\n > finished. > > SSLDiag: > ===================================================== > > System time: Tue, 02 Nov 2004 19:46:01 GMT > Connecting to 10.6.21.80:443 > Connected > Handshake: 78 bytes sent > Handshake: 2000 bytes received > Handshake: 118 bytes sent > Handshake: 43 bytes received > Handshake succeeded > Verifying server certificate, it might take a while... > Server certificate name: sitename.domain.com > Server certificate subject: C=US, S=Indiana, L=Ogden Dunes, O=High > Aspect Development, OU=Report Server, CN=sitename.domain.com > Server certificate issuer: E=dan@domain.com, C=US, S=IN, L=Ogden > Dunes, O=High Aspect Development Corporation, OU=High Aspect, CN=High > Aspect Enterprise Certificate Authority > Server certificate validity: From 11/2/2004 11:20:05 AM To 11/2/2006 > 11:20:05 AM > HTTPS request: > GET / HTTP/1.0 > User-Agent: SSLDiag > Accept:*/* > HTTPS: 72 bytes of encrypted data sent > HTTPS: 340 bytes of encrypted data received > HTTP/1.1 200 OK > Server: Microsoft-IIS/5.0 > X-Powered-By: ASP.NET > Content-Location: https://10.6.21.80/Default.htm > Date: Tue, 02 Nov 2004 19:46:01 GMT > Content-Type: text/html > Accept-Ranges: bytes > Last-Modified: Mon, 01 Nov 2004 19:43:07 GMT > ETag: "aacc9124bc0c41:d8f" > Content-Length: 546 > HTTPS: 588 bytes of encrypted data received > <HTML> > <HEAD> > <META HTTP-EQUIV="Pragma" CONTENT="no-cache"> > <META HTTP-EQUIV="Expires" CONTENT="-1"> > <META HTTP-EQUIV="Cache-Control" CONTENT="Private"> > <META HTTP-EQUIV="Cache-Control" CONTENT="no-cache"> > <META HTTP-EQUIV="Content-Type" content="text/html; > charset=iso-8859-1"> > <TITLE>High Aspect Development</TITLE> > </HEAD> > <BODY> > <Center> > <p><font face="Comic Sans MS" size="6">High Aspect > Development</font></p> > <p align="center"><font face="Comic Sans MS" size="3">Default Web > Page</font></p> > </CENTER> > </BODY> > </HTML> > HTTPS: server disconnected > Final handshake: 23 bytes sent successfully > > It seems that I've tried everything?? > Any help, ideas?? > Thanks
Have you added the Enterprise CA to the computer's certificate store?
Hi,
Do you use Host Header names on your IIS? Mike [quoted text, click to view] "Daniel J. Reynolds" <aspect@crown_dot_net> wrote in message news:6erfo05anqckl4fgkj13j4v5d8d078dj0n@4ax.com... > When attempting to get a Web Page from a SSL Web Site on IIS 5 > using IE6 SP1 located on the same computer as the Web Server > I get the following error: > > "Page Cannont be Displayed ... Cannot Find Server or DNS Error" > > Read on before you respond!!! > > When I try: > > http://10.1.1.80 I get the Web Page > http://sitename.domain.com I get the Web Page > https://10.1.1.80 I get the Web Page > however I also get a warning that certificate is invalid or > there is a name mismatch > the installed certificate's commion name is > sitename.domain.com (error is expected) > https://sitename.domain.com I get "Page cannot be Displayed .." > > System is W2K with SP4, IE6 Sp1, IIS 5, all available updates > from Windows Update Service - nothing else - all newly installed. > > Web site is 2nd Website and has Certificate from Enterprise Root CA. > Certificate appears to work using IP address - not DNS/common name. > > Default Web site is installed and active. It has no certificate. > > Web site content is a simple HTML file that has been assigned as the > default document. > > The DNS/Common name sitename.domain.com is resolvable from both the > intranet as well as the internet - nslookup reports the approppriate > IP addresses in each case. > > The DNS/Cmmon name sitename.domain.com is not the same as > hostname.domain.com. > > The behavior is the same when I attempt to get the Web Page from > an another host on the internet. > > I have reviewed the issue on the Newsgroups and have attempted the > following: > > KB290391 Removed the SSL (443) binding from default Web Site. > KB259349 Disabled Socket Pooling. > KB292296 Assured that sspifilt.dll is listed in Master Properties. > KB324839 Assured that sspifilt.dll is NOT listed in the Registry. > KB292296 Assured that SSL Post is entered as 443. > KB292296 Assured that 0.0.0.0:443 not bound to All Unassigned. > KB292296 Assured that 10.1.1.80:443 web site address is bound to SSL. > KB260096 Assigned and removed a certificate on the Default Web Site. > > Finally I tried the sequence described in KB265847, KB228821, and > KB228836. This resulted in a certificate issued to > IWAM_CERTSERVERNAME rather than > sitename.domain.com. Obviously it didn'y work. > > I ran both SSLDiag/Simulate SSL Handshake and wfetch. > They both appear to work?? The results are included below > I changed the actual site name and domain name. > > wfetch > ================================= > started....resolve hostname > "sitename.domain.com"WWWConnect::Connect("10.6.21.80","443")\n > source port: 2598\r\n > REQUEST: **************\nGET / HTTP/1.1\r\n > Host: sitename.domain.com\r\n > Accept: */*\r\n > \r\n > RESPONSE: **************\nHTTP/1.1 200 OK\r\n > Server: Microsoft-IIS/5.0\r\n > X-Powered-By: ASP.NET\r\n > Content-Location: https://sitename.domain.com/Default.htm\r\n > Date: Tue, 02 Nov 2004 20:08:37 GMT\r\n > Content-Type: text/html\r\n > Accept-Ranges: bytes\r\n > Last-Modified: Mon, 01 Nov 2004 19:43:07 GMT\r\n > ETag: "aacc9124bc0c41:d8f"\r\n > Content-Length: 546\r\n > \r\n > <HTML>\r\n > <HEAD>\r\n > <META HTTP-EQUIV="Pragma" CONTENT="no-cache">\r\n > <META HTTP-EQUIV="Expires" CONTENT="-1">\r\n > <META HTTP-EQUIV="Cache-Control" CONTENT="Private">\r\n > <META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">\r\n > <META HTTP-EQUIV="Content-Type" content="text/html; > charset=iso-8859-1">\r\n > <TITLE>High Aspect Development</TITLE>\r\n > </HEAD>\r\n > <BODY>\r\n > <Center>\r\n > <p><font face="Comic Sans MS" size="6">High Aspect > Development</font></p>\r\n > <p align="center"><font face="Comic Sans MS" size="3">Default > Page</font></p>\r\n > </CENTER>\r\n > </BODY>\r\n > </HTML>\r\n > \r\n > finished. > > SSLDiag: > ===================================================== > > System time: Tue, 02 Nov 2004 19:46:01 GMT > Connecting to 10.6.21.80:443 > Connected > Handshake: 78 bytes sent > Handshake: 2000 bytes received > Handshake: 118 bytes sent > Handshake: 43 bytes received > Handshake succeeded > Verifying server certificate, it might take a while... > Server certificate name: sitename.domain.com > Server certificate subject: C=US, S=Indiana, L=Ogden Dunes, O=High > Aspect Development, OU=Report Server, CN=sitename.domain.com > Server certificate issuer: E=dan@domain.com, C=US, S=IN, L=Ogden > Dunes, O=High Aspect Development Corporation, OU=High Aspect, CN=High > Aspect Enterprise Certificate Authority > Server certificate validity: From 11/2/2004 11:20:05 AM To 11/2/2006 > 11:20:05 AM > HTTPS request: > GET / HTTP/1.0 > User-Agent: SSLDiag > Accept:*/* > HTTPS: 72 bytes of encrypted data sent > HTTPS: 340 bytes of encrypted data received > HTTP/1.1 200 OK > Server: Microsoft-IIS/5.0 > X-Powered-By: ASP.NET > Content-Location: https://10.6.21.80/Default.htm > Date: Tue, 02 Nov 2004 19:46:01 GMT > Content-Type: text/html > Accept-Ranges: bytes > Last-Modified: Mon, 01 Nov 2004 19:43:07 GMT > ETag: "aacc9124bc0c41:d8f" > Content-Length: 546 > HTTPS: 588 bytes of encrypted data received > <HTML> > <HEAD> > <META HTTP-EQUIV="Pragma" CONTENT="no-cache"> > <META HTTP-EQUIV="Expires" CONTENT="-1"> > <META HTTP-EQUIV="Cache-Control" CONTENT="Private"> > <META HTTP-EQUIV="Cache-Control" CONTENT="no-cache"> > <META HTTP-EQUIV="Content-Type" content="text/html; > charset=iso-8859-1"> > <TITLE>High Aspect Development</TITLE> > </HEAD> > <BODY> > <Center> > <p><font face="Comic Sans MS" size="6">High Aspect > Development</font></p> > <p align="center"><font face="Comic Sans MS" size="3">Default Web > Page</font></p> > </CENTER> > </BODY> > </HTML> > HTTPS: server disconnected > Final handshake: 23 bytes sent successfully > > It seems that I've tried everything?? > Any help, ideas?? > Thanks
Hello All,
I am also getting the same kind of problem with the same error message when I use https to my login screen. Only login screen is enabled to use SSL and all other screens in my site does not use SSL. I am using IE6 in Windows 2003 standard edition. I have tried out all kinds of settings in some KB artcles, most of them are focussed to Windows OS's other than 2003. Are there any specific settings that need to be enabled to make the https working in IE 6 ? Please let me know if somebdoy has got any idea ? Thanks NArasimha [quoted text, click to view] "Daniel J. Reynolds" wrote:
> When attempting to get a Web Page from a SSL Web Site on IIS 5 > using IE6 SP1 located on the same computer as the Web Server > I get the following error: > > "Page Cannont be Displayed ... Cannot Find Server or DNS Error" > > Read on before you respond!!! > > When I try: > > http://10.1.1.80 I get the Web Page > http://sitename.domain.com I get the Web Page > https://10.1.1.80 I get the Web Page > however I also get a warning that certificate is invalid or > there is a name mismatch > the installed certificate's commion name is > sitename.domain.com (error is expected) > https://sitename.domain.com I get "Page cannot be Displayed .." > > System is W2K with SP4, IE6 Sp1, IIS 5, all available updates > from Windows Update Service - nothing else - all newly installed. > > Web site is 2nd Website and has Certificate from Enterprise Root CA. > Certificate appears to work using IP address - not DNS/common name. > > Default Web site is installed and active. It has no certificate. > > Web site content is a simple HTML file that has been assigned as the > default document. > > The DNS/Common name sitename.domain.com is resolvable from both the > intranet as well as the internet - nslookup reports the approppriate > IP addresses in each case. > > The DNS/Cmmon name sitename.domain.com is not the same as > hostname.domain.com. > > The behavior is the same when I attempt to get the Web Page from > an another host on the internet. > > I have reviewed the issue on the Newsgroups and have attempted the > following: > > KB290391 Removed the SSL (443) binding from default Web Site. > KB259349 Disabled Socket Pooling. > KB292296 Assured that sspifilt.dll is listed in Master Properties. > KB324839 Assured that sspifilt.dll is NOT listed in the Registry. > KB292296 Assured that SSL Post is entered as 443. > KB292296 Assured that 0.0.0.0:443 not bound to All Unassigned. > KB292296 Assured that 10.1.1.80:443 web site address is bound to SSL. > KB260096 Assigned and removed a certificate on the Default Web Site. > > Finally I tried the sequence described in KB265847, KB228821, and > KB228836. This resulted in a certificate issued to > IWAM_CERTSERVERNAME rather than > sitename.domain.com. Obviously it didn'y work. > > I ran both SSLDiag/Simulate SSL Handshake and wfetch. > They both appear to work?? The results are included below > I changed the actual site name and domain name. > > wfetch > ================================= > started....resolve hostname > "sitename.domain.com"WWWConnect::Connect("10.6.21.80","443")\n > source port: 2598\r\n > REQUEST: **************\nGET / HTTP/1.1\r\n > Host: sitename.domain.com\r\n > Accept: */*\r\n > \r\n > RESPONSE: **************\nHTTP/1.1 200 OK\r\n > Server: Microsoft-IIS/5.0\r\n > X-Powered-By: ASP.NET\r\n > Content-Location: https://sitename.domain.com/Default.htm\r\n > Date: Tue, 02 Nov 2004 20:08:37 GMT\r\n > Content-Type: text/html\r\n > Accept-Ranges: bytes\r\n > Last-Modified: Mon, 01 Nov 2004 19:43:07 GMT\r\n > ETag: "aacc9124bc0c41:d8f"\r\n > Content-Length: 546\r\n > \r\n > <HTML>\r\n > <HEAD>\r\n > <META HTTP-EQUIV="Pragma" CONTENT="no-cache">\r\n > <META HTTP-EQUIV="Expires" CONTENT="-1">\r\n > <META HTTP-EQUIV="Cache-Control" CONTENT="Private">\r\n > <META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">\r\n > <META HTTP-EQUIV="Content-Type" content="text/html; > charset=iso-8859-1">\r\n > <TITLE>High Aspect Development</TITLE>\r\n > </HEAD>\r\n > <BODY>\r\n > <Center>\r\n > <p><font face="Comic Sans MS" size="6">High Aspect > Development</font></p>\r\n > <p align="center"><font face="Comic Sans MS" size="3">Default > Page</font></p>\r\n > </CENTER>\r\n > </BODY>\r\n > </HTML>\r\n > \r\n > finished. > > SSLDiag: > ===================================================== > > System time: Tue, 02 Nov 2004 19:46:01 GMT > Connecting to 10.6.21.80:443 > Connected > Handshake: 78 bytes sent > Handshake: 2000 bytes received > Handshake: 118 bytes sent > Handshake: 43 bytes received > Handshake succeeded > Verifying server certificate, it might take a while... > Server certificate name: sitename.domain.com > Server certificate subject: C=US, S=Indiana, L=Ogden Dunes, O=High > Aspect Development, OU=Report Server, CN=sitename.domain.com > Server certificate issuer: E=dan@domain.com, C=US, S=IN, L=Ogden > Dunes, O=High Aspect Development Corporation, OU=High Aspect, CN=High > Aspect Enterprise Certificate Authority > Server certificate validity: From 11/2/2004 11:20:05 AM To 11/2/2006 > 11:20:05 AM > HTTPS request: > GET / HTTP/1.0 > User-Agent: SSLDiag > Accept:*/* > HTTPS: 72 bytes of encrypted data sent > HTTPS: 340 bytes of encrypted data received > HTTP/1.1 200 OK > Server: Microsoft-IIS/5.0 > X-Powered-By: ASP.NET > Content-Location: https://10.6.21.80/Default.htm > Date: Tue, 02 Nov 2004 19:46:01 GMT > Content-Type: text/html > Accept-Ranges: bytes > Last-Modified: Mon, 01 Nov 2004 19:43:07 GMT > ETag: "aacc9124bc0c41:d8f" > Content-Length: 546 > HTTPS: 588 bytes of encrypted data received > <HTML> > <HEAD> > <META HTTP-EQUIV="Pragma" CONTENT="no-cache"> > <META HTTP-EQUIV="Expires" CONTENT="-1"> > <META HTTP-EQUIV="Cache-Control" CONTENT="Private"> > <META HTTP-EQUIV="Cache-Control" CONTENT="no-cache"> > <META HTTP-EQUIV="Content-Type" content="text/html; > charset=iso-8859-1"> > <TITLE>High Aspect Development</TITLE> > </HEAD> > <BODY> > <Center> > <p><font face="Comic Sans MS" size="6">High Aspect > Development</font></p> > <p align="center"><font face="Comic Sans MS" size="3">Default Web > Page</font></p> > </CENTER> > </BODY> > </HTML> > HTTPS: server disconnected > Final handshake: 23 bytes sent successfully > > It seems that I've tried everything?? > Any help, ideas?? > Thanks
I'm sorry, but it does not look like there is an IIS-related issue here.
As long as IP:Port from the lookup of the server name is mapped to the website with SSL, HTTPS will work. This is why https://10.1.1.80 works -- which shows that IIS is perfectly configured -- while https://sitename.domain.com does not work. sitename.domain.com must map to 10.1.1.80 and NOT involve a host header. This is because it is impossible to use host headers with SSL. Host header is a HTTP request header encrypted by SSL -- making it impossible for IIS to select the correct server certificate (by Host header) to send to the client to complete the SSL handshake PRIOR to reading the Host header from the request. Wildcard certificates are a different matter since the web server does *not* need to select any particular server certificate -- but it also renders SSL-mutual authentication impossible (i.e. based on the same SSL certificate, the client cannot figure out if the website is site1.domain.com or site2.domain.com). -- //David IIS http://blogs.msdn.com/David.Wang This posting is provided "AS IS" with no warranties, and confers no rights. // "Narasimha Athota" <NarasimhaAthota@discussions.microsoft.com> wrote in message news:44E28DD1-705D-4353-B6CD-EFD060FECEB8@microsoft.com... Hello All, I am also getting the same kind of problem with the same error message when I use https to my login screen. Only login screen is enabled to use SSL and all other screens in my site does not use SSL. I am using IE6 in Windows 2003 standard edition. I have tried out all kinds of settings in some KB artcles, most of them are focussed to Windows OS's other than 2003. Are there any specific settings that need to be enabled to make the https working in IE 6 ? Please let me know if somebdoy has got any idea ? Thanks NArasimha [quoted text, click to view] "Daniel J. Reynolds" wrote:
> When attempting to get a Web Page from a SSL Web Site on IIS 5 > using IE6 SP1 located on the same computer as the Web Server > I get the following error: > > "Page Cannont be Displayed ... Cannot Find Server or DNS Error" > > Read on before you respond!!! > > When I try: > > http://10.1.1.80 I get the Web Page > http://sitename.domain.com I get the Web Page > https://10.1.1.80 I get the Web Page > however I also get a warning that certificate is invalid or > there is a name mismatch > the installed certificate's commion name is > sitename.domain.com (error is expected) > https://sitename.domain.com I get "Page cannot be Displayed .." > > System is W2K with SP4, IE6 Sp1, IIS 5, all available updates > from Windows Update Service - nothing else - all newly installed. > > Web site is 2nd Website and has Certificate from Enterprise Root CA. > Certificate appears to work using IP address - not DNS/common name. > > Default Web site is installed and active. It has no certificate. > > Web site content is a simple HTML file that has been assigned as the > default document. > > The DNS/Common name sitename.domain.com is resolvable from both the > intranet as well as the internet - nslookup reports the approppriate > IP addresses in each case. > > The DNS/Cmmon name sitename.domain.com is not the same as > hostname.domain.com. > > The behavior is the same when I attempt to get the Web Page from > an another host on the internet. > > I have reviewed the issue on the Newsgroups and have attempted the > following: > > KB290391 Removed the SSL (443) binding from default Web Site. > KB259349 Disabled Socket Pooling. > KB292296 Assured that sspifilt.dll is listed in Master Properties. > KB324839 Assured that sspifilt.dll is NOT listed in the Registry. > KB292296 Assured that SSL Post is entered as 443. > KB292296 Assured that 0.0.0.0:443 not bound to All Unassigned. > KB292296 Assured that 10.1.1.80:443 web site address is bound to SSL. > KB260096 Assigned and removed a certificate on the Default Web Site. > > Finally I tried the sequence described in KB265847, KB228821, and > KB228836. This resulted in a certificate issued to > IWAM_CERTSERVERNAME rather than > sitename.domain.com. Obviously it didn'y work. > > I ran both SSLDiag/Simulate SSL Handshake and wfetch. > They both appear to work?? The results are included below > I changed the actual site name and domain name. > > wfetch > ================================= > started....resolve hostname > "sitename.domain.com"WWWConnect::Connect("10.6.21.80","443")\n > source port: 2598\r\n > REQUEST: **************\nGET / HTTP/1.1\r\n > Host: sitename.domain.com\r\n > Accept: */*\r\n > \r\n > RESPONSE: **************\nHTTP/1.1 200 OK\r\n > Server: Microsoft-IIS/5.0\r\n > X-Powered-By: ASP.NET\r\n > Content-Location: https://sitename.domain.com/Default.htm\r\n > Date: Tue, 02 Nov 2004 20:08:37 GMT\r\n > Content-Type: text/html\r\n > Accept-Ranges: bytes\r\n > Last-Modified: Mon, 01 Nov 2004 19:43:07 GMT\r\n > ETag: "aacc9124bc0c41:d8f"\r\n > Content-Length: 546\r\n > \r\n > <HTML>\r\n > <HEAD>\r\n > <META HTTP-EQUIV="Pragma" CONTENT="no-cache">\r\n > <META HTTP-EQUIV="Expires" CONTENT="-1">\r\n > <META HTTP-EQUIV="Cache-Control" CONTENT="Private">\r\n > <META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">\r\n > <META HTTP-EQUIV="Content-Type" content="text/html; > charset=iso-8859-1">\r\n > <TITLE>High Aspect Development</TITLE>\r\n > </HEAD>\r\n > <BODY>\r\n > <Center>\r\n > <p><font face="Comic Sans MS" size="6">High Aspect > Development</font></p>\r\n > <p align="center"><font face="Comic Sans MS" size="3">Default > Page</font></p>\r\n > </CENTER>\r\n > </BODY>\r\n > </HTML>\r\n > \r\n > finished. > > SSLDiag: > ===================================================== > > System time: Tue, 02 Nov 2004 19:46:01 GMT > Connecting to 10.6.21.80:443 > Connected > Handshake: 78 bytes sent > Handshake: 2000 bytes received > Handshake: 118 bytes sent > Handshake: 43 bytes received > Handshake succeeded > Verifying server certificate, it might take a while... > Server certificate name: sitename.domain.com > Server certificate subject: C=US, S=Indiana, L=Ogden Dunes, O=High > Aspect Development, OU=Report Server, CN=sitename.domain.com > Server certificate issuer: E=dan@domain.com, C=US, S=IN, L=Ogden > Dunes, O=High Aspect Development Corporation, OU=High Aspect, CN=High > Aspect Enterprise Certificate Authority > Server certificate validity: From 11/2/2004 11:20:05 AM To 11/2/2006 > 11:20:05 AM > HTTPS request: > GET / HTTP/1.0 > User-Agent: SSLDiag > Accept:*/* > HTTPS: 72 bytes of encrypted data sent > HTTPS: 340 bytes of encrypted data received > HTTP/1.1 200 OK > Server: Microsoft-IIS/5.0 > X-Powered-By: ASP.NET > Content-Location: https://10.6.21.80/Default.htm > Date: Tue, 02 Nov 2004 19:46:01 GMT > Content-Type: text/html > Accept-Ranges: bytes > Last-Modified: Mon, 01 Nov 2004 19:43:07 GMT
Don't see what you're looking for? Try a search.
|
June 2003
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |