"Cannot find server" or "DNS" Errors When Using SSL (Q & A)

Article ID: 292296 - View products that this article applies to.
This article was previously published under Q292296
Expand all | Collapse all

SUMMARY

The "Cannot find server" or "DNS error" browser error messages are symptoms of several different problems. This article lists some of the more common reasons this error may occur when the Web site is using Secure Sockets Layer (SSL) and is therefore accessed by using https://.

MORE INFORMATION

  • Was the Web server certificate part of an export or import process? There is a known problem during the import process in which the wrong cryptographic service provider (CSP) is chosen. You may also see an Schannel Event ID: 36871 message. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
    261655
    (http://support.microsoft.com/kb/261655/EN-US/ )
    Cannot Make an SSL Connection After Exporting and Importing an Server Certificate
  • Is the Web Server running Windows 2000, and has the Web server certificate recently renewed? The usual renewal process involves sending a renewal request to the Web server certificate issuer (that is, a Certificate Authority such as VeriSign, Netscape, or Microsoft.) A fix has been developed that ensures that a standard PKCS10-formatted renewal request is created. For more information, see the following Knowledge Base article:
    262979
    (http://support.microsoft.com/kb/262979/EN-US/ )
    Cannot Renew Verisign Certificates in IIS 5.0
  • Is the Sspifilt.dll file loaded on the IIS master properties ISAPI Filter tab? If not, add the Sspifilt.dll name and the \Winnt\System32\Inetsrv\Sspifilt.dll execution path to the IIS master properties ISAPI Filter tab.

  • Were any changes made to the IIS computer or Web site while a certificate request was pending? (For example, a certificate request was generated and sent to VeriSign. Before the certificate was installed, a service pack was applied, the high encryption pack was installed, or the Web site bindings were changed.) If so, you must generate a new certificate request. It is important that you do not change anything while a certificate request is pending.

  • Does the Web site have a secure identity? To confirm this, follow these steps:

    1. Make sure that the Web site is bound to a secure port.
      1. From the Microsoft Management Console (MMC), right-click the Web site and click Properties.
      2. On the Web Site tab, note the IP address (this may be All Unassigned) and SSL port.NOTE: If the SSL port is blank, type 443 and restart the IIS service. If the port is dimmed, a server certificate has not been successfully installed. For more information, see the following Knowledge Base article:
        228836
        (http://support.microsoft.com/kb/228836/EN-US/ )
        Installing a New Certificate with Certificate Wizard for Use in SSL/TLS
    2. Confirm that the Web site is correctly bound to the network card.
      1. From a command prompt, type netstat -an.
      2. If the Web site was bound to the All Unassigned IP address and SSL port 443, verify that the Local Address entry is 0.0.0.0:443.

        If the Web site was bound to a specific IP address (for example, 172.26.207.120) and SSL port 443, verify that the Local Address entry is IPaddress:443 (for example, 172.26.207.120:443).

Properties

Article ID: 292296 - Last Review: November 21, 2006 - Revision: 2.1
APPLIES TO
  • Microsoft Internet Information Services 5.0
Keywords: 
kbfaq KB292296
Retired KB Content Disclaimer
This article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.
Back to the top | Give Feedback

Give Feedback

 
Back to the topBack to the top