Re: Page cannont be displayed ... Cannot find server or DNS error - I'
From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 01/02/05
- Previous message: Jeff Cochran: "Re: IIS Lockdown 2.0 stops "Hit Counter" from Front Page from displayi"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 1 Jan 2005 22:07:20 -0800
I'm sorry, but it does not look like there is an IIS-related issue here.
As long as IP:Port from the lookup of the server name is mapped to the
website with SSL, HTTPS will work. This is why https://10.1.1.80 works --
which shows that IIS is perfectly configured -- while
https://sitename.domain.com does not work. sitename.domain.com must map to
10.1.1.80 and NOT involve a host header.
This is because it is impossible to use host headers with SSL. Host header
is a HTTP request header encrypted by SSL -- making it impossible for IIS to
select the correct server certificate (by Host header) to send to the
client to complete the SSL handshake PRIOR to reading the Host header from
the request.
Wildcard certificates are a different matter since the web server does *not*
need to select any particular server certificate -- but it also renders
SSL-mutual authentication impossible (i.e. based on the same SSL
certificate, the client cannot figure out if the website is site1.domain.com
or site2.domain.com).
-- //David IIS http://blogs.msdn.com/David.Wang This posting is provided "AS IS" with no warranties, and confers no rights. // "Narasimha Athota" <NarasimhaAthota@discussions.microsoft.com> wrote in message news:44E28DD1-705D-4353-B6CD-EFD060FECEB8@microsoft.com... Hello All, I am also getting the same kind of problem with the same error message when I use https to my login screen. Only login screen is enabled to use SSL and all other screens in my site does not use SSL. I am using IE6 in Windows 2003 standard edition. I have tried out all kinds of settings in some KB artcles, most of them are focussed to Windows OS's other than 2003. Are there any specific settings that need to be enabled to make the https working in IE 6 ? Please let me know if somebdoy has got any idea ? Thanks NArasimha "Daniel J. Reynolds" wrote: > When attempting to get a Web Page from a SSL Web Site on IIS 5 > using IE6 SP1 located on the same computer as the Web Server > I get the following error: > > "Page Cannont be Displayed ... Cannot Find Server or DNS Error" > > Read on before you respond!!! > > When I try: > > http://10.1.1.80 I get the Web Page > http://sitename.domain.com I get the Web Page > https://10.1.1.80 I get the Web Page > however I also get a warning that certificate is invalid or > there is a name mismatch > the installed certificate's commion name is > sitename.domain.com (error is expected) > https://sitename.domain.com I get "Page cannot be Displayed .." > > System is W2K with SP4, IE6 Sp1, IIS 5, all available updates > from Windows Update Service - nothing else - all newly installed. > > Web site is 2nd Website and has Certificate from Enterprise Root CA. > Certificate appears to work using IP address - not DNS/common name. > > Default Web site is installed and active. It has no certificate. > > Web site content is a simple HTML file that has been assigned as the > default document. > > The DNS/Common name sitename.domain.com is resolvable from both the > intranet as well as the internet - nslookup reports the approppriate > IP addresses in each case. > > The DNS/Cmmon name sitename.domain.com is not the same as > hostname.domain.com. > > The behavior is the same when I attempt to get the Web Page from > an another host on the internet. > > I have reviewed the issue on the Newsgroups and have attempted the > following: > > KB290391 Removed the SSL (443) binding from default Web Site. > KB259349 Disabled Socket Pooling. > KB292296 Assured that sspifilt.dll is listed in Master Properties. > KB324839 Assured that sspifilt.dll is NOT listed in the Registry. > KB292296 Assured that SSL Post is entered as 443. > KB292296 Assured that 0.0.0.0:443 not bound to All Unassigned. > KB292296 Assured that 10.1.1.80:443 web site address is bound to SSL. > KB260096 Assigned and removed a certificate on the Default Web Site. > > Finally I tried the sequence described in KB265847, KB228821, and > KB228836. This resulted in a certificate issued to > IWAM_CERTSERVERNAME rather than > sitename.domain.com. Obviously it didn'y work. > > I ran both SSLDiag/Simulate SSL Handshake and wfetch. > They both appear to work?? The results are included below > I changed the actual site name and domain name. > > wfetch > ================================= > started....resolve hostname > "sitename.domain.com"WWWConnect::Connect("10.6.21.80","443")\n > source port: 2598\r\n > REQUEST: **************\nGET / HTTP/1.1\r\n > Host: sitename.domain.com\r\n > Accept: */*\r\n > \r\n > RESPONSE: **************\nHTTP/1.1 200 OK\r\n > Server: Microsoft-IIS/5.0\r\n > X-Powered-By: ASP.NET\r\n > Content-Location: https://sitename.domain.com/Default.htm\r\n > Date: Tue, 02 Nov 2004 20:08:37 GMT\r\n > Content-Type: text/html\r\n > Accept-Ranges: bytes\r\n > Last-Modified: Mon, 01 Nov 2004 19:43:07 GMT\r\n > ETag: "aacc9124bc0c41:d8f"\r\n > Content-Length: 546\r\n > \r\n > <HTML>\r\n > <HEAD>\r\n > <META HTTP-EQUIV="Pragma" CONTENT="no-cache">\r\n > <META HTTP-EQUIV="Expires" CONTENT="-1">\r\n > <META HTTP-EQUIV="Cache-Control" CONTENT="Private">\r\n > <META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">\r\n > <META HTTP-EQUIV="Content-Type" content="text/html; > charset=iso-8859-1">\r\n > <TITLE>High Aspect Development</TITLE>\r\n > </HEAD>\r\n > <BODY>\r\n > <Center>\r\n > <p><font face="Comic Sans MS" size="6">High Aspect > Development</font></p>\r\n > <p align="center"><font face="Comic Sans MS" size="3">Default > Page</font></p>\r\n > </CENTER>\r\n > </BODY>\r\n > </HTML>\r\n > \r\n > finished. > > SSLDiag: > ===================================================== > > System time: Tue, 02 Nov 2004 19:46:01 GMT > Connecting to 10.6.21.80:443 > Connected > Handshake: 78 bytes sent > Handshake: 2000 bytes received > Handshake: 118 bytes sent > Handshake: 43 bytes received > Handshake succeeded > Verifying server certificate, it might take a while... > Server certificate name: sitename.domain.com > Server certificate subject: C=US, S=Indiana, L=Ogden Dunes, O=High > Aspect Development, OU=Report Server, CN=sitename.domain.com > Server certificate issuer: E=dan@domain.com, C=US, S=IN, L=Ogden > Dunes, O=High Aspect Development Corporation, OU=High Aspect, CN=High > Aspect Enterprise Certificate Authority > Server certificate validity: From 11/2/2004 11:20:05 AM To 11/2/2006 > 11:20:05 AM > HTTPS request: > GET / HTTP/1.0 > User-Agent: SSLDiag > Accept:*/* > HTTPS: 72 bytes of encrypted data sent > HTTPS: 340 bytes of encrypted data received > HTTP/1.1 200 OK > Server: Microsoft-IIS/5.0 > X-Powered-By: ASP.NET > Content-Location: https://10.6.21.80/Default.htm > Date: Tue, 02 Nov 2004 19:46:01 GMT > Content-Type: text/html > Accept-Ranges: bytes > Last-Modified: Mon, 01 Nov 2004 19:43:07 GMT > ETag: "aacc9124bc0c41:d8f" > Content-Length: 546 > HTTPS: 588 bytes of encrypted data received > <HTML> > <HEAD> > <META HTTP-EQUIV="Pragma" CONTENT="no-cache"> > <META HTTP-EQUIV="Expires" CONTENT="-1"> > <META HTTP-EQUIV="Cache-Control" CONTENT="Private"> > <META HTTP-EQUIV="Cache-Control" CONTENT="no-cache"> > <META HTTP-EQUIV="Content-Type" content="text/html; > charset=iso-8859-1"> > <TITLE>High Aspect Development</TITLE> > </HEAD> > <BODY> > <Center> > <p><font face="Comic Sans MS" size="6">High Aspect > Development</font></p> > <p align="center"><font face="Comic Sans MS" size="3">Default Web > Page</font></p> > </CENTER> > </BODY> > </HTML> > HTTPS: server disconnected > Final handshake: 23 bytes sent successfully > > It seems that I've tried everything?? > Any help, ideas?? > Thanks >
- Previous message: Jeff Cochran: "Re: IIS Lockdown 2.0 stops "Hit Counter" from Front Page from displayi"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
Loading
