I need to revive an application so it can be safely archived by a third party before being phased out.
In order to do so without endangering the whole server, I want to force the user to authenticate before connecting, which means requiring TLS.
Unfortunately, the 443 port on that server (xxx.xxx.xxx.120) is taken by another application (a web mail system that uses its own HTTP server) so I added a new public IP to the server (xxx.xxx.xxx.120) and added a binding in IIS for port 443 on this new IP:
I also made sure that the other app is NOT bound to 0.0.0.0:443 but uses the specific IP address.
Finally, I ran netstat -ano | find ":443"
and got this:
TCP xxx.xxx.xxx.120:443 0.0.0.0:0 LISTENING 3016
TCP xxx.xxx.xxx.120:443 0.0.0.0:0 LISTENING 3016
xxx.xxx.xxx.120 is the initial server IP address, the new one being xxx.xxx.xxx.122.
For good measure, I also ran netstat -aon | Find "xxx.xxx.xxx.122:443"
(the new IP) and got nothing back, as expected.
Unfortunately, when I try to start the web application, I get this error message:
This error is the one IIS throws if the IP:port it tries to bind to is taken, and yet netstat clearly says it is available.
What am I missing?
Edit: There are two events in the system event log when I attempt to start the service:
Log Name: System
Source: Microsoft-Windows-IIS-W3SVC
Date: 7/19/2014 11:59:44 AM
Event ID: 1004
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: xxxx
Description:
The World Wide Web Publishing Service (WWW Service) did not register the URL prefix https://XXX.XXX.XXX.122:443/ for site 2. The site has been disabled. The data field contains the error number.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-IIS-W3SVC" Guid="{xxxxx}" EventSourceName="W3SVC" />
<EventID Qualifiers="49152">1004</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-07-19T09:59:44.000000000Z" />
<EventRecordID>119596</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>xxxx</Computer>
<Security />
</System>
<EventData>
<Data Name="UrlPrefix">https://XXX.XXX.XXX.122:443/</Data>
<Data Name="SiteID">2</Data>
<Binary>20000780</Binary>
</EventData>
</Event>
And
Log Name: System
Source: Microsoft-Windows-HttpEvent
Date: 7/19/2014 11:59:44 AM
Event ID: 15005
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: XXX
Description:
Unable to bind to the underlying transport for [::]:443. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine. The data field contains the error number.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-HttpEvent" Guid="{xxx}" EventSourceName="HTTP" />
<EventID Qualifiers="49152">15005</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-07-19T09:59:44.330234300Z" />
<EventRecordID>119597</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="88" />
<Channel>System</Channel>
<Computer>XXX</Computer>
<Security />
</System>
<EventData>
<Data Name="DeviceObject">\Device\Http\ReqQueue</Data>
<Data Name="Address">[::]:443</Data>
<Binary>0000040002003000000000009D3A00C0000000000000000000000000000000000000000000000000430000C0</Binary>
</EventData>
</Event>
The IP address shown in the second event, "[::]:443", looks like IPv6. Perhaps both web applications try to bind to all IPv6 addresses besides the IPv4 addresses you specified. Try disabling IPv6 temporarily to see if the issue disappears.
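Both event descriptions above say "The data field contains the error number", so decoding the two `<Binary>` values shows what HTTP.sys actually reported. This is an added example, not part of the original question or answer; it assumes the W3SVC 1004 field is a little-endian HRESULT and that the final DWORD of the HTTP 15005 field is the NTSTATUS, and its function names and lookup tables are illustrative.

```python
import struct

# Small lookup of codes relevant to bind failures (values from the Windows SDK headers).
WIN32_ERRORS = {5: "ERROR_ACCESS_DENIED", 32: "ERROR_SHARING_VIOLATION",
                183: "ERROR_ALREADY_EXISTS"}
NTSTATUS = {0xC0000022: "STATUS_ACCESS_DENIED",
            0xC0000043: "STATUS_SHARING_VIOLATION"}
FACILITY_WIN32 = 7

# <Binary> values copied from the two events on this page.
W3SVC_1004 = "20000780"
HTTP_15005 = ("00000400" "02003000" "00000000" "9D3A00C0" "00000000" "00000000"
              "00000000" "00000000" "00000000" "00000000" "430000C0")


def last_dword(hex_blob):
    """Return the final little-endian 32-bit value of an event <Binary> field."""
    raw = bytes.fromhex(hex_blob)
    if len(raw) < 4:
        raise ValueError("data field shorter than one DWORD")
    return struct.unpack("<I", raw[-4:])[0]


def decode_hresult(hex_blob):
    """Decode a data field as an HRESULT: (value, facility, code, name)."""
    hr = last_dword(hex_blob)
    facility, code = (hr >> 16) & 0x1FFF, hr & 0xFFFF
    if facility == FACILITY_WIN32:
        name = WIN32_ERRORS.get(code, "unknown")
    else:
        name = "non-Win32 facility"
    return hr, facility, code, name


def decode_ntstatus(hex_blob):
    """Decode the trailing DWORD as an NTSTATUS (assumed layout for event 15005)."""
    status = last_dword(hex_blob)
    return status, NTSTATUS.get(status, "unknown")


if __name__ == "__main__":
    hr, facility, code, name = decode_hresult(W3SVC_1004)
    print(f"W3SVC 1004: 0x{hr:08X} facility={facility} code={code} {name}")
    status, status_name = decode_ntstatus(HTTP_15005)
    print(f"HTTP 15005: 0x{status:08X} {status_name}")
```

Both values decode to a sharing violation, the code Windows returns when the resource (here the listening endpoint) is already in use by another process.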