FIX: IIS 6.0 incorrectly binds to ports when IP addresses are added to the IP inclusion list

You may notice that Microsoft Internet Information Services (IIS) 6.0 incorrectly binds to ports when IP addresses are added to the IP inclusion list. Consider the following scenario:

• The Web server has two IP addresses. These IP addresses are bound to an installed network card in Internet Information Services Manager (IISM) in IIS 6.0. In this example, the two IP addresses are 10.10.10.2 and 10.10.10.3.
• There are two Web sites in IIS 6.0. Web site 1 is bound to 10.10.10.2:80 for HTTP traffic. Web site 1 is also bound to 10.10.10.2:443 for SSL traffic. Web site 2 is bound to 10.10.10.3:80 for HTTP traffic only.

In this scenario, when you use the netstat command to view the ports on which the computer is listening, you may notice that IIS 6.0 is bound to port 80 and to port 443 on both IP addresses.

This issue occurs when either of the following conditions is true:

• Both IP addresses have been added to the IP inclusion list.
• Both port 80 and port 443 are bound on 0.0.0.0.

You cannot resolve this problem by setting the IIS 6.0 DisableSocketPooling property to True.

This problem occurs because the Http.sys file binds to any ports on the Web sites for the IP addresses that are configured in IISM.

Service pack information

To resolve this problem, obtain the latest service pack for Windows Server 2003. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

Hotfix information

Prerequisites

You must have Microsoft Windows Server 2003 Service Pack 1 (SP1) installed to apply this hotfix.

Restart requirement

You must restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace any other hotfixes.

Registry information

You must create a registry key to enable this hotfix. To do this, follow these steps:

1. Apply this hotfix.
2. Click Start, click Run, type regedit, and then click OK.
3. Locate and then click the following registry key:
   HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters
4. Right-click Parameters, point to New, and then click DWORD Value.
5. Type DisableEndpointSharing, and then press ENTER.
6. Right-click DisableEndpointSharing, click Modify, type 1 in the Value data box, and then click OK.
7. Delete any entries in the IP Listen list.
   
   Note To complete this action, you must have the Microsoft Windows Support Tools installed.
   
   To determine whether any IP addresses are listed, open a command prompt, and then run the following command:
   httpcfg query iplisten
   If the IP Listen list is empty, the command returns the following string:

   HttpQueryServiceConfiguration completed with 1168.

   If the command returns a list of IP addresses, remove each IP address in the list by using the following command:
   httpcfg delete iplisten -i x.x.x.x
   Note In this command, the placeholder x.x.x.x represents the IP address that is listed in the IP Listen list.
   
   If the deletion command succeeds, it returns the following string:

   HttpQueryServiceConfiguration completed with 0.

8. Click Start, click Run, type cmd, and then click OK.
9. At the command prompt, type NET STOP HTTP /y, and then press ENTER.
10. At the command prompt, type iisreset /restart, and then press ENTER.

Note This change will have no effect if the HTTP.SYS IP Listen list contains any entries.

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

Windows Server 2003 SP1, Itanium Architecture

Windows Server 2003 SP1, x64

Windows Server 2003 SP1, x86

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section. This problem was first corrected in Windows Server 2003 Service Pack 2.

In Microsoft Internet Information Services 5.0, you can resolve this issue by setting the DisableSocketPooling property to True in the IIS 5.0 metabase. Although the DisableSocketPooling property is a valid property in the IIS 6.0 metabase, setting this property to True in the IIS 6.0 metabase does not resolve the problem.

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:

For more information about how to add an IP address to the IP inclusion list, click the following article number to view the article in the Microsoft Knowledge Base: