Internet Explorer 6 cannot use the Kerberos authentication protocol to connect to a Web site that uses a non-standard port in Windows XP and in Windows Server 2003

Article translations Article translations
Article ID: 908209 - View products that this article applies to.
Important This article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
Expand all | Collapse all

On This Page

SYMPTOMS

Consider the following scenario:
  • The computer is running one of the following operating systems:
    • Windows XP
    • Windows Server 2003
  • The computer has Internet Information Services (IIS) installed.
  • You have two Web sites that have different ports and identities. These two Web sites are running on the same computer. For example, Web site 1 runs on port 80 under identity "id1" and Web site 2 runs on port 81 under identity "id2”.
  • Both the Web sites use Kerberos authentication protocol version 5.
  • You use the Setspn utility to declare the Service Principal Name (SPN) for Web site 2.
  • You use the same host name to connect to Web site 1 and to Web site 2. You use Windows Internet Explorer 6 or a later version to make this connection.

    For example, you use http://examplewebserver to connect to Web site 1 and http://examplewebserver:81 to connect to Web site 2. In this example, you use the same examplewebserver host name to connect to both Web sites.
In this scenario, Internet Explorer can use the Kerberos protocol to connect to Web site 1. However, Internet Explorer cannot use the Kerberos protocol to connect to Web site 2.

CAUSE

This problem occurs because the Wininet.dll file does not pass the port number of the target Web site when it calls the InitializeSecurityContext function to build the Kerberos ticket. This prevents Internet Explorer 6 from using the Kerberos protocol to connect to multiple Web sites that run on different ports under different identities.

RESOLUTION

Note If you are using Windows Internet Explorer 7 or Windows Internet Explorer 8, you may still run into this problem. However, to resolve the problem, you do not need to install a software update. Instead, follow the instructions in the " section to add a registry key.

Internet Explorer 6 on Windows XP

Hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
http://support.microsoft.com/contactus/?ws=support
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.
Prerequisites
No prerequisites are required.
Registry information
To apply this hotfix, you must create a registry key. To do this, go to the "Post-hotfix installation instructions" section.
Restart requirement
You must restart your computer after you apply this hotfix.
Hotfix replacement information
This hotfix does not replace any other hotfixes.
File information
The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Wininet.dll6.0.2900.2905664,06410-May-200614:35x86

Internet Explorer 6 on Windows Server 2003

Service pack information

To resolve this problem, obtain the latest service pack for Windows Server 2003. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
889100 How to obtain the latest service pack for Windows Server 2003

Hotfix information

Prerequisites
No prerequisites are required.
Registry information
To apply this hotfix, you must create a registry key. To do this, go to the "Post-hotfix installation instructions" section.
Restart requirement
You must restart your computer after you apply this hotfix.
Hotfix replacement information
This hotfix does not replace any other hotfixes.
File information
The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
Windows Server 2003, Itanium-based versions
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatformSP requirementService branch
Wininet.dll6.0.3790.26991,703,93610-May-200605:48IA-64SP1SP1QFE
Wwininet.dll6.0.3790.2699665,60010-May-200605:48x86SP1WOW
Windows Server 2003, x64-based versions
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatformSP requirementService branch
Wininet.dll6.0.3790.26991,189,88810-May-200605:48x64SP1SP1QFE
Wwininet.dll6.0.3790.2699665,60010-May-200605:48x86SP1WOW
Windows Server 2003, x86-based versions
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Wininet.dll6.0.3790.2699665,60010-May-200607:41x86

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Post-hotfix installation instructions

Note These steps should be applied on the client computer on which you try to open the Web page.

After you install the hotfix, you must add the
FEATURE_INCLUDE_PORT_IN_SPN_KB908209
registry key, and then set its DWORD value to iexplore.exe. To do this, follow these steps.

For 32-bit computers

  1. Click Start, click Run, type regedit, and then click OK.
  2. In the left pane, locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
  3. On the Edit menu, point to New, and then click Key.
  4. Type FEATURE_INCLUDE_PORT_IN_SPN_KB908209, and then press ENTER.
  5. On the Edit menu, point to New, and then click DWORD Value.
  6. Type iexplore.exe, and then press ENTER.
  7. On the Edit menu, click Modify.
  8. Type 1 in the Value data box, and then click OK.
  9. Exit Registry Editor.

For 64-bit computers

  1. Click Start, click Run, type regedit, and then click OK.
  2. In the left pane, locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl
  3. On the Edit menu, point to New, and then click Key.
  4. Type FEATURE_INCLUDE_PORT_IN_SPN_KB908209, and then press ENTER.
  5. On the Edit menu, point to New, and then click DWORD Value.
  6. Type iexplore.exe, and then press ENTER.
  7. On the Edit menu, click Modify.
  8. Type 1 in the Value data box, and then click OK.
  9. Exit Registry Editor.
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

Properties

Article ID: 908209 - Last Review: October 9, 2011 - Revision: 6.0
APPLIES TO
  • Microsoft Internet Explorer 6.0, when used with:
    • Microsoft Windows XP Professional
    • Microsoft Windows XP Home Edition
    • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
    • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
    • Microsoft Windows Server 2003, Datacenter x64 Edition
    • Microsoft Windows Server 2003, Enterprise x64 Edition
    • Microsoft Windows Server 2003, Standard x64 Edition
    • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
    • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
    • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
    • Microsoft Windows Server 2003, Web Edition
  • Windows Internet Explorer 7
  • Windows Internet Explorer 8
Keywords: 
kbautohotfix kbwinserv2003sp2fix kbwinxpsp3fix kbwinxppresp3fix kbwinserv2003presp2fix kbbug kbfix kbhotfixserver kbqfe KB908209

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com