locked
OWA - Website RRS feed

  • Question

  • User-146909445 posted

    Hello,

    <?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><o:p></o:p>I have created a website called clients and owa virtual directory for outlook web access. Default website is assigned original server IP address while the clients website has a virtual IP assigned from the Network card. <o:p></o:p>Default Website – 172.28.45.9<o:p></o:p>Clients Website – 172.28.45.21 <o:p></o:p>

    Both website are accessible and I get owa login prompt, but whenever I stopped the default website I cannot gain access to clients website, instead I get a page error message.  I also noticed in clients website I cannot assign port 443 under “multiple SSL identities for this website” in Advance setting. The option is grayed set to default website and would not let me change/add port. Every time I assign port 443 to second website it automatically gets disable and I when try to start I see this message:

    "IIS was unable to start the site. Another site may already be using the port you configured for this site. Please select an unused port for this site."

     Any idea what would be cause for this?

    Thank you in advance

     

    Saturday, September 15, 2007 9:12 AM

Answers

  • User-146909445 posted

    Below is the result for the httpcfg query iplisten, from another group I was advised for the use of this command ( cscript c:\inetpub\adminscripts\adsutil.vbs delete w3svc/1/securebindings) to remove the binding, but unfortunately still no go and issue exist.

    C:\Program Files (x86)\Support Tools>httpcfg query iplisten

    HttpQueryServiceConfiguration completed with 1168.

    <?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><o:p> </o:p>

    Should I follow the procedure describe at the provided link http://support.microsoft.com/?id=813368 or wait for your response on another solution?

    Many Thanks

     

    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Thursday, September 20, 2007 10:12 AM

All replies

  • User989702501 posted

    Mmm.. exchange OWA. what error page do you get when default site is down and you are accessing the client page? you sure your browsing the client site? As for the SSL error, you will need to bind the cert to different ip. E.g. default site ssl to 172.28.45.9:443 and 172.28.45.21:443 for client site.

    Monday, September 17, 2007 12:02 AM
  • User-146909445 posted

     

    When I tried to access the owa page I get the message:

     

    “Internet Explorer cannot display the webpage”

     

    I don’t think I am accessing the client website , It is a bit strange because I can even telnet the client website on port 443 using internal IP and I get a response but as soon I stopped the default website I cannot telnet to the site. I do not know how to bind SSL cert to second website, but on my test lab server I have created second owa website which works fine independently without any additional configuration.

     

    Tuesday, September 18, 2007 8:53 PM
  • User989702501 posted

    Well, from what you mentioned. it looks like default website is binding to all unassigned, hence when you stop it you no longer can telnet.
    Go to IIS MMC, look at the tcpip binding of the default website, make sure it is bind to specific IP address. and in the SSL binding it is binding to that specific IP as well. Google disablesocketpooling to make sure IIS doesn't bind cert to all ip address.
    For the addtional website, do the same binding on the other ip address.

    if you are using iis6, try iisweb /query at command prompt and post the site/ip/port binding information here.
    also list the output of httpcfg query ssl.

     

     

    Wednesday, September 19, 2007 12:10 AM
  • User-146909445 posted

    Hi Bernard

    <?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><o:p> </o:p>

    Thank you for responding, and I followed step by step instructions to isolate the issue as you describe. First we are currently running IIS 6.0 web server on Windows Server 2003 service pack 2 64bit Enterprise Edition.  As far “disablesocketpooling” I came cross http://support.microsoft.com/kb/892847 link using the search engine. Since the server is fully patch and service pack 2 installed, the following article does not apply unless there is another article that I am missing. I have also checked the properties of the default website and I can see it is statically assigned to the IP address of 172.28.45.9. Below I have provided the query results as you requested.  Hopefully I get my answer to the problem.

    Thanks again

     

    Site Name (Metabase Path)                     Status  IP              Port  Host

    ==============================================================================
    Default Web Site (W3SVC/1)                    STARTED 172.28.45.9     80    N/A
    AutoDiscover (W3SVC/1427802313)          STARTED 172.28.45.22    80    AutoDiscover-Site
    Clients (W3SVC/468726519)                     STARTED 172.28.45.21    80    OWA-Users

     

     IP                      : 172.28.45.9:443
     Hash                    : 40d0eec6953923f8e82db258425b7f9bad8d bef
     Guid                    : {4dc3e181-e14b-4a21-b022-59fc669b0914}
     CertStoreName           : MY
     CertCheckMode           : 0
     RevocationFreshnessTime : 0
     UrlRetrievalTimeout     : 0
     SslCtlIdentifier        :
     SslCtlStoreName         :
     Flags                   : 0

    Wednesday, September 19, 2007 8:43 PM
  • User989702501 posted

    what's the output for httpcfg query listen ? the kb your posted is not really related to disablesocketpooling. see
    Setting metabase property DisableSocketPooling has no effect
    http://support.microsoft.com/?id=813368

    and from the ssl query result, it shows only the default site ssl binding.

    Wednesday, September 19, 2007 8:59 PM
  • User-146909445 posted

    Below is the result for the httpcfg query iplisten, from another group I was advised for the use of this command ( cscript c:\inetpub\adminscripts\adsutil.vbs delete w3svc/1/securebindings) to remove the binding, but unfortunately still no go and issue exist.

    C:\Program Files (x86)\Support Tools>httpcfg query iplisten

    HttpQueryServiceConfiguration completed with 1168.

    <?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><o:p> </o:p>

    Should I follow the procedure describe at the provided link http://support.microsoft.com/?id=813368 or wait for your response on another solution?

    Many Thanks

     

    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Thursday, September 20, 2007 10:12 AM
  • User989702501 posted

    Yes , use the KB to set the 2 ip addresses. then restart IIS, then binding each cert to separate IP.

    Friday, September 21, 2007 2:18 AM
  • User-146909445 posted

    Bernard,

    <o:p> </o:p>

    Thank you for taking your time to respond while helping me solves the issue. I have followed step by step instructions provided from the Microsoft knowledge base and restarted the IIS, but unfortunately this still have not resolve assigning of same port to multiple website. Upon attempt to start client website I received the same message:

     

    "IIS was unable to start the site. Another site may already be using the port you configured for this site. Please select an unused port for this site."

     

     Below is the output of the commands that I applied.  

     

    C:\Documents and Settings\Administrator>httpcfg set iplisten -i 172.28.45.21
    HttpSetServiceConfiguration completed with 0.

    C:\Documents and Settings\Administrator.>httpcfg query iplisten
        IP                      : 172.28.45.21
    ------------------------------------------------------------------------------

    C:\Documents and Settings\Administrator.>net stop http /y
    The following services are dependent on the HTTP service.
    Stopping the HTTP service will also stop these services.

       World Wide Web Publishing Service
       HTTP SSL

    The World Wide Web Publishing Service service is stopping..
    The World Wide Web Publishing Service service was stopped successfully.

    The HTTP SSL service is stopping.
    The HTTP SSL service was stopped successfully.


    The HTTP service was stopped successfully.


    C:\Documents and Settings\Administrator.>net start w3svc
    The World Wide Web Publishing Service service is starting.
    The World Wide Web Publishing Service service was started successfully.


    C:\Documents and Settings\Administrator.>httpcfg set iplisten -i 172.28.45.9
    HttpSetServiceConfiguration completed with 0.

    C:\Documents and Settings\Administrator.MERCYHAVEN>httpcfg query iplisten
        IP                      : 172.28.45.21
    ------------------------------------------------------------------------------
        IP                      : 172.28.45.9
    ------------------------------------------------------------------------------
     

    C:\Documents and Settings\Administrator.>net stop http /y
    The following services are dependent on the HTTP service.
    Stopping the HTTP service will also stop these services.

       World Wide Web Publishing Service
       HTTP SSL

    The World Wide Web Publishing Service service is stopping.
    The World Wide Web Publishing Service service was stopped successfully.

    The HTTP SSL service is stopping.
    The HTTP SSL service was stopped successfully.


    The HTTP service was stopped successfully.


    C:\Documents and Settings\Administrator.>net start w3svc
    The World Wide Web Publishing Service service is starting.
    The World Wide Web Publishing Service service was started successfully.
     

    C:\Documents and Settings\Administrator.>iisreset

    Attempting stop...
    Internet services successfully stopped
    Attempting start...
    Internet services successfully restarted


    Friday, September 21, 2007 5:04 PM
  • User989702501 posted

    Interesting... well - I just do a quick test. if only IIS is binding the port, you can actually forget about socket pooling, since the binding of 0.0.0.0:443 wont' affect the site. as you will still get .9:443 and .21:443.

    Can you do a netstat -ano at command prompt. then post the 443 binding entries here.

     

    Friday, September 21, 2007 11:44 PM
  • User-146909445 posted

    Here you go, with complete output, except external IPs.

     

    C:\Documents and Settings\Administrator.>netstat -ano

    Active Connections

      Proto  Local Address          Foreign Address        State           PID
      TCP    0.0.0.0:7              0.0.0.0:0              LISTENING       2060
      TCP    0.0.0.0:9              0.0.0.0:0              LISTENING       2060
      TCP    0.0.0.0:13             0.0.0.0:0              LISTENING       2060
      TCP    0.0.0.0:17             0.0.0.0:0              LISTENING       2060
      TCP    0.0.0.0:19             0.0.0.0:0              LISTENING       2060
      TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       5888
      TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       776
      TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
      TCP    0.0.0.0:587            0.0.0.0:0              LISTENING       5888
      TCP    0.0.0.0:593            0.0.0.0:0              LISTENING       776
      TCP    0.0.0.0:1043           0.0.0.0:0              LISTENING       528
      TCP    0.0.0.0:1068           0.0.0.0:0              LISTENING       2452
      TCP    0.0.0.0:1069           0.0.0.0:0              LISTENING       2332
      TCP    0.0.0.0:1082           0.0.0.0:0              LISTENING       2004
      TCP    0.0.0.0:1096           0.0.0.0:0              LISTENING       2452
      TCP    0.0.0.0:1103           0.0.0.0:0              LISTENING       3836
      TCP    0.0.0.0:1127           0.0.0.0:0              LISTENING       4324
      TCP    0.0.0.0:1237           0.0.0.0:0              LISTENING       1600
      TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       5872
      TCP    0.0.0.0:6001           0.0.0.0:0              LISTENING       2332
      TCP    0.0.0.0:6002           0.0.0.0:0              LISTENING       2452
      TCP    0.0.0.0:6004           0.0.0.0:0              LISTENING       2452
      TCP    0.0.0.0:10000          0.0.0.0:0              LISTENING       2204
      TCP    172.28.45.9:80         0.0.0.0:0              LISTENING       4
      TCP    172.28.45.9:139        0.0.0.0:0              LISTENING       4
      TCP    172.28.45.9:443        0.0.0.0:0              LISTENING       4
      TCP    172.28.45.9:1061       172.28.45.3:3268       ESTABLISHED     2332
      TCP    172.28.45.9:1062       172.28.45.3:389        CLOSE_WAIT      2332
      TCP    172.28.45.9:1063       172.28.45.3:389        ESTABLISHED     2332
      TCP    172.28.45.9:1064       172.28.45.3:389        ESTABLISHED     2332
      TCP    172.28.45.9:1069       172.28.45.9:1175       ESTABLISHED     2332
      TCP    172.28.45.9:1069       172.28.45.9:1178       ESTABLISHED     2332
      TCP    172.28.45.9:1069       172.28.45.9:1203       ESTABLISHED     2332
      TCP    172.28.45.9:1069       172.28.45.9:1206       ESTABLISHED     2332
      TCP    172.28.45.9:1069       172.28.45.9:1261       ESTABLISHED     2332
      TCP    172.28.45.9:1069       172.28.45.9:1262       ESTABLISHED     2332
      TCP    172.28.45.9:1069       172.28.45.9:1271       ESTABLISHED     2332
      TCP    172.28.45.9:1069       172.28.45.9:1337       ESTABLISHED     2332
      TCP    172.28.45.9:1074       172.28.45.3:3268       CLOSE_WAIT      2452
      TCP    172.28.45.9:1080       172.28.45.3:3268       ESTABLISHED     2004
      TCP    172.28.45.9:1081       172.28.45.3:389        CLOSE_WAIT      2004
      TCP    172.28.45.9:1083       172.28.45.3:389        ESTABLISHED     2004
      TCP    172.28.45.9:1084       172.28.45.3:389        CLOSE_WAIT      2452
      TCP    172.28.45.9:1087       172.28.45.3:389        ESTABLISHED     2452
      TCP    172.28.45.9:1088       172.28.45.3:3268       CLOSE_WAIT      2452
      TCP    172.28.45.9:1089       172.28.45.3:389        ESTABLISHED     2452
      TCP    172.28.45.9:1090       172.28.45.3:389        CLOSE_WAIT      2452
      TCP    172.28.45.9:1095       172.28.45.3:389        ESTABLISHED     2452
      TCP    172.28.45.9:1106       172.28.45.3:389        ESTABLISHED     3980
      TCP    172.28.45.9:1109       172.28.45.3:389        ESTABLISHED     2420
      TCP    172.28.45.9:1112       172.28.45.3:389        ESTABLISHED     4068
      TCP    172.28.45.9:1113       172.28.45.3:3268       CLOSE_WAIT      3464
      TCP    172.28.45.9:1114       172.28.45.3:389        ESTABLISHED     2452
      TCP    172.28.45.9:1115       172.28.45.3:389        CLOSE_WAIT      2452
      TCP    172.28.45.9:1122       172.28.45.3:3268       ESTABLISHED     2420
      TCP    172.28.45.9:1126       172.28.45.3:389        ESTABLISHED     4324
      TCP    172.28.45.9:1149       172.28.45.3:389        ESTABLISHED     2332
      TCP    172.28.45.9:1164       172.28.45.3:3268       CLOSE_WAIT      3924
      TCP    172.28.45.9:1175       172.28.45.9:1069       ESTABLISHED     2420
      TCP    172.28.45.9:1178       172.28.45.9:1069       ESTABLISHED     2420
      TCP    172.28.45.9:1203       172.28.45.9:1069       ESTABLISHED     4084
      TCP    172.28.45.9:1206       172.28.45.9:1069       ESTABLISHED     4084
      TCP    172.28.45.9:1222       172.28.45.3:389        CLOSE_WAIT      5888
      TCP    172.28.45.9:1235       172.28.45.3:389        ESTABLISHED     1600
      TCP    172.28.45.9:1237       172.28.45.9:1332       ESTABLISHED     1600
      TCP    172.28.45.9:1261       172.28.45.9:1069       ESTABLISHED     2420
      TCP    172.28.45.9:1262       172.28.45.9:1069       ESTABLISHED     4084
      TCP    172.28.45.9:1271       172.28.45.9:1069       ESTABLISHED     1600
      TCP    172.28.45.9:1325       172.28.45.3:3268       CLOSE_WAIT      4084
      TCP    172.28.45.9:1327       172.28.45.3:389        CLOSE_WAIT      4084
      TCP    172.28.45.9:1332       172.28.45.9:1237       ESTABLISHED     3924
      TCP    172.28.45.9:1337       172.28.45.9:1069       ESTABLISHED     1600
      TCP    172.28.45.9:1789       172.28.45.3:389        CLOSE_WAIT      3924
      TCP    172.28.45.9:1810       172.28.45.3:389        ESTABLISHED     3464
      TCP    172.28.45.9:1811       172.28.45.3:389        CLOSE_WAIT      3464
      TCP    172.28.45.9:1812       172.28.45.3:389        ESTABLISHED     4324
      TCP    172.28.45.9:1813       172.28.45.3:389        ESTABLISHED     4084
      TCP    172.28.45.9:1821       172.28.45.3:389        ESTABLISHED     1600
      TCP    172.28.45.9:1822       172.28.45.3:389        ESTABLISHED     5888
      TCP    172.28.45.9:1823       172.28.45.3:389        CLOSE_WAIT      5888
      TCP    172.28.45.9:1896       172.28.45.3:3268       ESTABLISHED     1600
      TCP    172.28.45.9:1900       172.28.45.3:389        CLOSE_WAIT      2032
      TCP    172.28.45.9:1906       172.28.45.3:389        CLOSE_WAIT      4084
      TCP    172.28.45.9:1932       172.28.45.3:389        ESTABLISHED     3836
      TCP    172.28.45.9:1949       172.28.45.3:3268       ESTABLISHED     3836
      TCP    172.28.45.9:1952       172.28.45.3:135        TIME_WAIT       0
      TCP    172.28.45.9:1953       172.28.45.3:1025       TIME_WAIT       0
      TCP    172.28.45.9:1963       172.28.45.3:1025       ESTABLISHED     528
      TCP    172.28.45.21:80        0.0.0.0:0              LISTENING       4
      TCP    172.28.45.21:443       0.0.0.0:0              LISTENING       4
      UDP    0.0.0.0:7              *:*                                    2060
      UDP    0.0.0.0:9              *:*                                    2060
      UDP    0.0.0.0:13             *:*                                    2060
      UDP    0.0.0.0:17             *:*                                    2060
      UDP    0.0.0.0:19             *:*                                    2060
      UDP    0.0.0.0:161            *:*                                    2128
      UDP    0.0.0.0:445            *:*                                    4
      UDP    0.0.0.0:500            *:*                                    528
      UDP    0.0.0.0:1025           *:*                                    840
      UDP    0.0.0.0:1026           *:*                                    840
      UDP    0.0.0.0:4500           *:*                                    528
      UDP    127.0.0.1:123          *:*                                    884
      UDP    127.0.0.1:1027         *:*                                    528
      UDP    127.0.0.1:1031         *:*                                    1180
      UDP    127.0.0.1:1044         *:*                                    2004
      UDP    127.0.0.1:1060         *:*                                    2332
      UDP    127.0.0.1:1071         *:*                                    2452
      UDP    127.0.0.1:1098         *:*                                    3464
      UDP    127.0.0.1:1104         *:*                                    3980
      UDP    127.0.0.1:1107         *:*                                    2420
      UDP    127.0.0.1:1110         *:*                                    4068
      UDP    127.0.0.1:1124         *:*                                    4324
      UDP    127.0.0.1:1144         *:*                                    4084
      UDP    127.0.0.1:1162         *:*                                    3924
      UDP    127.0.0.1:1167         *:*                                    3836
      UDP    127.0.0.1:1209         *:*                                    468
      UDP    127.0.0.1:1218         *:*                                    5888
      UDP    127.0.0.1:1233         *:*                                    1600
      UDP    127.0.0.1:1249         *:*                                    4644
      UDP    127.0.0.1:1898         *:*                                    2032
      UDP    172.28.45.9:123        *:*                                    884
      UDP    172.28.45.9:137        *:*                                    4
      UDP    172.28.45.9:138        *:*                                    4
      UDP    172.28.45.21:123       *:*                                    884
      UDP    172.28.45.22:123       *:*                                    884

    C:\Documents and Settings\Administrator.>httpcfg query iplisten
        IP                      : 172.28.45.21
    ------------------------------------------------------------------------------
        IP                      : 172.28.45.9
    ------------------------------------------------------------------------------

     

     

     

     

    Saturday, September 22, 2007 1:19 AM
  • User989702501 posted

    The output looks fine to me.... port 443 is bind to each IP. SSL binding is running.
    and port 80 as well. so both sites are up and running.

    you saying the site can't be started?
    anything in event log ?

    Saturday, September 22, 2007 1:36 AM
  • User-146909445 posted

     

    Yes, every time I attempt to start the client website I get exact same message:

     

     

    "IIS was unable to start the site. Another site may already be using the port you configured for this site. Please select an unused port for this site."<?xml:namespace prefix = o /><o:p></o:p><o:p> </o:p>I also took a snap shot of the message, but was not able to paste it here, neither event log generate any message related to this.<o:p></o:p><o:p> </o:p>

    I have a similar setup on my test lab server which works fine and I did not have to specify any additional configuration (only difference is the hardware). I wonder… if this is a software bug which few people have encountered and I am one of them. :(

     

    This system running MS Exchange 2007 enterprise edition, during the installation exchange server automatically create default website and self assigned SSL certificate to the directory. Since outlook 2007 uses web base discovery, it was recommended to create second website and assign trusted digital certificate to that site. All our external users can access the owa website but they receive security warning, due to the private self assigned certificate.

     

    I thought this might give you a better idea and possibly hint for the solution. In any event, I plan on calling Microsoft support group Monday morning, if this does not get resolved over the weekend.<o:p></o:p><o:p> </o:p><o:p></o:p> <o:p></o:p><o:p></o:p><o:p></o:p>Thank you for your time and patience.<o:p></o:p>
    Saturday, September 22, 2007 10:27 AM
  • User989702501 posted

    It should not be a bug... and the error msgs is telling us that binding issue with port conflict, yet we failed to find any.
    Before you can PSS, I would try. delete the client website...... amek sure the Exchange site is working.... then recreate the client website, then reassign the cert, blah blah.... I would also clean up all iplisten. and set it as empty or default.

    if still getting the same error if binding on port 443. i will try bind the 2nd website SSL to 4433. just to see if it works. If this works. something is using the port 443. then.... need to find out what program is using it.

    Sunday, September 23, 2007 12:01 AM
  • User-146909445 posted

    Bernard,

    Would you mind posting the complete commands/syntax to clean up all iplisten and set it to empty or default including if I wanted to bind second website to 4433.

    I received the same port conflict message when I created additional website called it “Test”.  I may load Ethereal to see if there is another program, which might be using the same port.

     

    Sunday, September 23, 2007 5:07 PM
  • User989702501 posted

    To clean up -
    httpcfg delete iplisten -i ip.ip.ip.ip

    repeat the same syntax until all deleted then query again.
    remember to net stop http and iisreset.

    httpcfg query iplisten

    and make sure you see the following:
    HttpQueryServiceConfiguration completed with 1168.

    after query the SSL setting.
    httpcfg query SSL.

    if you have configure both cert, then you should see 2 entries.
    with binding to diff IP.

    then go back to IIS MMC. click stop and start the client web site - conflict msgs again?

    do a netstat -ano..... find out what program is using the port 80/443

     

    Sunday, September 23, 2007 11:50 PM
  • User-146909445 posted

    I called Microsoft support group today, so far they have been very helpful but this process took entire day and still in pending. I will let you know once I am finished with the issue, so stay tuned.  J

    Tuesday, September 25, 2007 8:00 PM
  • User-146909445 posted

     

    The initial problem where I could not assign port 443 to client website was simple then I ever thought. Since I did not applied SSL certificate to the second website the option was grayed which is normal upon applying the SSL certificate I was able to assign port 443 and working independently.  The autodiscover directory required further more configuration which took three straight days of my and the Microsoft engineer time to get it working.

     

    I overlooked at the problem and drove many including you (Bernard) crazy to resolve the issue. My apology and hopefully I would not encounter such issue in the future.

     

    <o:p> </o:p>

    By the way, any recommendation on IIS book would greatly appreciate it.

     

    Thank you very much and I really appreciate your help.

     

    Regards,

     

    Imran

     

    Friday, September 28, 2007 11:23 AM
  • User989702501 posted

    auto discovery ? the IE settings? I thought you able to browse site 1 with cert 1 but not site2 with cert 2?
    IE acting with cert 2 ? zzzzzzz

     

    Sunday, September 30, 2007 2:18 AM