FIX: Removing SSL key leaves behind undeletable port

This article has been archived. It is offered "as is" and will no longer be updated.
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 7.0 running on Microsoft Windows Server 2008. IIS 7.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:For more information about IIS 7.0, visit the following Microsoft Web site:
Symptoms
When you delete a key certificate under Key Manager, the SSL port number that is specified for that key still exists on the Web Site tab of the Default Web Site Properties window. You may not be able to delete the port setting, even in the Web Site Identification's Advanced window. However, the server is still listening to that port.
Cause
The Default Web Site options under the Console Root and Key Manager are actually two separate programs. In this instance, the port binding information between the two utilities is not updated correctly.
Resolution

Windows NT Server or Windows NT Workstation 4.0

To resolve this problem, obtain the latest service pack for Microsoft Windows NT 4.0. Or, obtain the individual software update. For more information about how to obtain the latest service pack for Windows NT 4.0, click the following article number to view the article in the Microsoft Knowledge Base:
152734 How to obtain the latest Windows NT 4.0 service pack
For information about how to obtain the individual software update, contact Microsoft Product Support Services. For a complete list of Microsoft Product Support Services phone numbers, and for information about support costs, visit the following Microsoft Web site:

Windows NT Server 4.0, Terminal Server Edition

To resolve this problem, obtain the latest service pack for Windows NT Server 4.0, Terminal Server Edition. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
152734 How to obtain the latest Windows NT 4.0 service pack
Workaround
To work around this issue, use one of the following methods.

Method 1

Before you delete the key certificate by using the Key Manager utility, manually change the SSL port number to 0 on the Web Site tab in the Default Web Site Properties window. After you apply the change, open Key Manager, and then delete the key certificate.

Method 2

If you have already deleted the SSL key, you can remove the SecureBinding key in the metabase by using the Adsutil.vbs tool. To do this, follow these steps:
  1. Open a Command Prompt window.
  2. Navigate to the following directory:
    c:\winnt\system32\inetsrv\adminsamples
  3. Run the following command:
    cscript adsutil.vbs delete w3svc/X/securebindings
    Note In this command, X is the identifier for the Web site. For example, this command for the Default Web site is as follows:
    cscript adsutil.vbs delete w3svc/1/securebindings
Status
Microsoft has confirmed that this is a problem in Windows NT 4.0 and in Windows NT Server 4.0, Terminal Server Edition.

This problem was first corrected in Windows NT Server 4.0 Service Pack 6 and in Windows NT Server 4.0, Terminal Server Edition Service Pack 6.
More information
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates
administration security 4.00
Properties

Article ID: 236936 - Last Review: 01/09/2015 22:49:49 - Revision: 7.0

  • Microsoft Windows NT Server 4.0 Standard Edition
  • Microsoft Windows NT Workstation 4.0 Developer Edition
  • Microsoft Windows NT Server 4.0 Enterprise Edition
  • kbnosurvey kbarchive kbbug kbnofix kbqfe KB236936
Feedback