FIX: A Web client may receive a "page cannot be displayed" error message when you run SSL in kernel mode in Windows Server 2003 Service Pack 1

When you run Secure Sockets Layer (SSL) in kernel mode in Microsoft Windows Server 2003, a Web client may receive a "page cannot be displayed" error message. This problem occurs when you use Microsoft Internet Information Services (IIS) 6.0. Additionally, an HTTP 400 (substatus 64) error message may be written to the IIS logs.

You may experience this problem when a Web client submits a form that has lots of data and uses a Microsoft Active Server Pages (ASP) application or a Microsoft ASP.NET Web application that uses lots of View State data.

Service pack information

To resolve this problem, obtain the latest service pack for Windows Server 2003. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

Hotfix information

Prerequisites

You must have Windows Server 2003 Service Pack 1 (SP1) installed to apply this hotfix.

Restart requirement

You must restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace any other hotfixes.

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

Windows Server 2003 Service Pack 1 (SP1) x86 version

Windows Server 2003 Service Pack 1 (SP1) IA-64 version

Windows Server 2003 Service Pack 1 (SP1) x64 version

To work around this problem, disable SSL kernel mode in Windows Server 2003 SP1 and later versions of Windows Server 2003.

Microsoft has confirmed that this is a bug in the Microsoft products that are listed in the "Applies to" section. This problem was first corrected in Windows Server 2003 Service Pack 2.

In Windows Server 2003 SP1 and in later versions of Windows Server 2003, you can run SSL in kernel mode instead of default user mode. Kernel mode means that components or processes run in the core address space of the operating system.

Running SSL in kernel mode improves SSL performance because encryption and decryption operations are moved to the kernel. This change reduces the number of transitions between kernel mode and user mode.

For more information about how to run SSL in kernel mode instead of the default user mode, visit the following Microsoft Web site: