|
Home > Archive > IIS Server > November 2004 > Page cannont be displayed ... Cannot find server or DNS error - I'VE TRIED EVERYTHING
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Page cannont be displayed ... Cannot find server or DNS error - I'VE TRIED EVERYTHING
|
|
| Daniel J. Reynolds 2004-11-02, 5:54 pm |
| When attempting to get a Web Page from a SSL Web Site on IIS 5
using IE6 SP1 located on the same computer as the Web Server
I get the following error:
"Page Cannont be Displayed ... Cannot Find Server or DNS Error"
Read on before you respond!!!
When I try:
http://10.1.1.80 I get the Web Page
http://sitename.domain.com I get the Web Page
https://10.1.1.80 I get the Web Page
however I also get a warning that certificate is invalid or
there is a name mismatch
the installed certificate's commion name is
sitename.domain.com (error is expected)
https://sitename.domain.com I get "Page cannot be Displayed .."
System is W2K with SP4, IE6 Sp1, IIS 5, all available updates
from Windows Update Service - nothing else - all newly installed.
Web site is 2nd Website and has Certificate from Enterprise Root CA.
Certificate appears to work using IP address - not DNS/common name.
Default Web site is installed and active. It has no certificate.
Web site content is a simple HTML file that has been assigned as the
default document.
The DNS/Common name sitename.domain.com is resolvable from both the
intranet as well as the internet - nslookup reports the approppriate
IP addresses in each case.
The DNS/Cmmon name sitename.domain.com is not the same as
hostname.domain.com.
The behavior is the same when I attempt to get the Web Page from
an another host on the internet.
I have reviewed the issue on the Newsgroups and have attempted the
following:
KB290391 Removed the SSL (443) binding from default Web Site.
KB259349 Disabled Socket Pooling.
KB292296 Assured that sspifilt.dll is listed in Master Properties.
KB324839 Assured that sspifilt.dll is NOT listed in the Registry.
KB292296 Assured that SSL Post is entered as 443.
KB292296 Assured that 0.0.0.0:443 not bound to All Unassigned.
KB292296 Assured that 10.1.1.80:443 web site address is bound to SSL.
KB260096 Assigned and removed a certificate on the Default Web Site.
Finally I tried the sequence described in KB265847, KB228821, and
KB228836. This resulted in a certificate issued to
IWAM_CERTSERVERNAME rather than
sitename.domain.com. Obviously it didn'y work.
I ran both SSLDiag/Simulate SSL Handshake and wfetch.
They both appear to work?? The results are included below
I changed the actual site name and domain name.
wfetch
=================================
started....resolve hostname
"sitename.domain.com"WWWConnect::Connect("10.6.21.80","443")\n
source port: 2598\r\n
REQUEST: **************\nGET / HTTP/1.1\r\n
Host: sitename.domain.com\r\n
Accept: */*\r\n
\r\n
RESPONSE: **************\nHTTP/1.1 200 OK\r\n
Server: Microsoft-IIS/5.0\r\n
X-Powered-By: ASP.NET\r\n
Content-Location: https://sitename.domain.com/Default.htm\r\n
Date: Tue, 02 Nov 2004 20:08:37 GMT\r\n
Content-Type: text/html\r\n
Accept-Ranges: bytes\r\n
Last-Modified: Mon, 01 Nov 2004 19:43:07 GMT\r\n
ETag: "aacc9124bc0c41:d8f"\r\n
Content-Length: 546\r\n
\r\n
<HTML>\r\n
<HEAD>\r\n
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">\r\n
<META HTTP-EQUIV="Expires" CONTENT="-1">\r\n
<META HTTP-EQUIV="Cache-Control" CONTENT="Private">\r\n
<META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">\r\n
<META HTTP-EQUIV="Content-Type" content="text/html;
charset=iso-8859-1">\r\n
<TITLE>High Aspect Development</TITLE>\r\n
</HEAD>\r\n
<BODY>\r\n
<Center>\r\n
<p><font face="Comic Sans MS" size="6">High Aspect
Development</font></p>\r\n
<p align="center"><font face="Comic Sans MS" size="3">Default
Page</font></p>\r\n
</CENTER>\r\n
</BODY>\r\n
</HTML>\r\n
\r\n
finished.
SSLDiag:
========================================
=============
System time: Tue, 02 Nov 2004 19:46:01 GMT
Connecting to 10.6.21.80:443
Connected
Handshake: 78 bytes sent
Handshake: 2000 bytes received
Handshake: 118 bytes sent
Handshake: 43 bytes received
Handshake succeeded
Verifying server certificate, it might take a while...
Server certificate name: sitename.domain.com
Server certificate subject: C=US, S=Indiana, L=Ogden Dunes, O=High
Aspect Development, OU=Report Server, CN=sitename.domain.com
Server certificate issuer: E=dan@domain.com, C=US, S=IN, L=Ogden
Dunes, O=High Aspect Development Corporation, OU=High Aspect, CN=High
Aspect Enterprise Certificate Authority
Server certificate validity: From 11/2/2004 11:20:05 AM To 11/2/2006
11:20:05 AM
HTTPS request:
GET / HTTP/1.0
User-Agent: SSLDiag
Accept:*/*
HTTPS: 72 bytes of encrypted data sent
HTTPS: 340 bytes of encrypted data received
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Content-Location: https://10.6.21.80/Default.htm
Date: Tue, 02 Nov 2004 19:46:01 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Mon, 01 Nov 2004 19:43:07 GMT
ETag: "aacc9124bc0c41:d8f"
Content-Length: 546
HTTPS: 588 bytes of encrypted data received
<HTML>
<HEAD>
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
<META HTTP-EQUIV="Cache-Control" CONTENT="Private">
<META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">
<META HTTP-EQUIV="Content-Type" content="text/html;
charset=iso-8859-1">
<TITLE>High Aspect Development</TITLE>
</HEAD>
<BODY>
<Center>
<p><font face="Comic Sans MS" size="6">High Aspect
Development</font></p>
<p align="center"><font face="Comic Sans MS" size="3">Default Web
Page</font></p>
</CENTER>
</BODY>
</HTML>
HTTPS: server disconnected
Final handshake: 23 bytes sent successfully
It seems that I've tried everything??
Any help, ideas??
Thanks
| |
| [Tony Devere] 2004-11-29, 5:53 pm |
| So SSL is working fine when we use the local IP but not when you use the
FQDN.
1st. have you turned off friendly error messages? - just want to make sure
we're not seeing something else with this enabled...
2nd you didn't mention the event logs: have you seen anything in the event
logs that would be useful?
3rd it appears we may have a network config issue:
wfetch shows that we resolve the sitename.domain.com to the correct IP and
actually returns back an 200 ok...
we need to verify this is actually what happens with the IIS LOGS... see
what IIS returns back as a status code with the help of the IIS logs
you might even try this... use the host file to add the ip address of the
sitename.domain.com this way we won't rely on DNS and instead use the local
IP for sure..
Do you have both the default web site and the 2nd web site set to all
unassiged?
let's start with this...
Thank you,
Tony DeVere [MSFT]
Microsoft IIS
Newsgroup Support
tdevere@online.microsoft.com
"Please do not send email directly to this alias. This is our online
account name for newsgroup participation only."
This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use. © 2001 Microsoft Corporation. All rights
reserved.
|
|
|
|
|