Problem with IIS 6.0

Windows 2003 Server Enterprise edition.
A valid server certificate is installed.
I can establish connection to
https://serverort/
and then read/write files and folders to it.

I created a new virtual folder on the server
https://serverort/virtual/
When I double click on it, Internet Explorer, it tries to open
http://server/virtual/
It asks me for password again, and when I type the password, it displays an
error:
The folder http://server/virtual is no longer available.

1. Note the difference:
The file transfer site is on a custom port and requires HTTPS.
Internet Explorer tries to connect to a completely different web site.

2. If I connect to
https://serverort/
without using Web Folders, I can click the link to the virtual folder and
view it's content - It looks like a web page with hyper links to files and
folders.

3. If I create a new Web folder that points to
https://serverort/virtual
Everything works fine.

I am sure that this is either a bug in Internet Explorer 6 / Windows
Explorer or in IIS 6.

End of Report.

George Valkov

Hi George,

In https://serverort/virtual/ what did you enter for port? What is defined
for SSL port on IIS?

Mike

"George Valkov" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Windows 2003 Server Enterprise edition.
> A valid server certificate is installed.
> I can establish connection to
> https://serverort/
> and then read/write files and folders to it.
>
> I created a new virtual folder on the server
> https://serverort/virtual/
> When I double click on it, Internet Explorer, it tries to open
> http://server/virtual/
> It asks me for password again, and when I type the password, it displays
an
> error:
> The folder http://server/virtual is no longer available.
>
> 1. Note the difference:
> The file transfer site is on a custom port and requires HTTPS.
> Internet Explorer tries to connect to a completely different web site.
>
> 2. If I connect to
> https://serverort/
> without using Web Folders, I can click the link to the virtual folder and
> view it's content - It looks like a web page with hyper links to files and
> folders.
>
> 3. If I create a new Web folder that points to
> https://serverort/virtual
> Everything works fine.
>
> I am sure that this is either a bug in Internet Explorer 6 / Windows
> Explorer or in IIS 6.
>
> End of Report.
>
> George Valkov
>
>
>

Hi Miha,
In general I can assign any free TCP port number for the SSL and It will
work fine. I don't want to provide You with the exact port number for
security reasons.

As I wrote before it's either that IIS provides a wrong address to the
client, or Internet Explorer is having difficulties navigating to virtual
directories.


"Miha Pihler" <mihap-(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi George,
>
> In https://serverort/virtual/ what did you enter for port? What is
defined
> for SSL port on IIS?
>
> Mike
>
> "George Valkov" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > Windows 2003 Server Enterprise edition.
> > A valid server certificate is installed.
> > I can establish connection to
> > https://serverort/
> > and then read/write files and folders to it.
> >
> > I created a new virtual folder on the server
> > https://serverort/virtual/
> > When I double click on it, Internet Explorer, it tries to open
> > http://server/virtual/
> > It asks me for password again, and when I type the password, it displays
> an
> > error:
> > The folder http://server/virtual is no longer available.
> >
> > 1. Note the difference:
> > The file transfer site is on a custom port and requires HTTPS.
> > Internet Explorer tries to connect to a completely different web site.
> >
> > 2. If I connect to
> > https://serverort/
> > without using Web Folders, I can click the link to the virtual folder
and
> > view it's content - It looks like a web page with hyper links to files
and
> > folders.
> >
> > 3. If I create a new Web folder that points to
> > https://serverort/virtual
> > Everything works fine.
> >
> > I am sure that this is either a bug in Internet Explorer 6 / Windows
> > Explorer or in IIS 6.
> >
> > End of Report.
> >
> > George Valkov
> >
> >
> >
>
>

Set your SSL port in IIS as you like then in IE enter only
http://server:SSL_port/virtual... or
https://server/virtual but not https://serverort/virutal.

I can understand that you don't want to give out SSL port for security
reason, but also note that it is very easily to figure out on what ports
your servers listens on...

I hope this helps,

Mike

"George Valkov" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi Miha,
> In general I can assign any free TCP port number for the SSL and It will
> work fine. I don't want to provide You with the exact port number for
> security reasons.
>
> As I wrote before it's either that IIS provides a wrong address to the
> client, or Internet Explorer is having difficulties navigating to virtual
> directories.
>
>
> "Miha Pihler" <mihap-(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > Hi George,
> >
> > In https://serverort/virtual/ what did you enter for port? What is
> defined
> > for SSL port on IIS?
> >
> > Mike
> >
> > "George Valkov" <(E-Mail Removed)> wrote in message
> > news:(E-Mail Removed)...
> > > Windows 2003 Server Enterprise edition.
> > > A valid server certificate is installed.
> > > I can establish connection to
> > > https://serverort/
> > > and then read/write files and folders to it.
> > >
> > > I created a new virtual folder on the server
> > > https://serverort/virtual/
> > > When I double click on it, Internet Explorer, it tries to open
> > > http://server/virtual/
> > > It asks me for password again, and when I type the password, it
displays
> > an
> > > error:
> > > The folder http://server/virtual is no longer available.
> > >
> > > 1. Note the difference:
> > > The file transfer site is on a custom port and requires HTTPS.
> > > Internet Explorer tries to connect to a completely different web site.
> > >
> > > 2. If I connect to
> > > https://serverort/
> > > without using Web Folders, I can click the link to the virtual folder
> and
> > > view it's content - It looks like a web page with hyper links to files
> and
> > > folders.
> > >
> > > 3. If I create a new Web folder that points to
> > > https://serverort/virtual
> > > Everything works fine.
> > >
> > > I am sure that this is either a bug in Internet Explorer 6 / Windows
> > > Explorer or in IIS 6.
> > >
> > > End of Report.
> > >
> > > George Valkov
> > >
> > >
> > >
> >
> >
>
>

"George Valkov" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi Miha,
> In general I can assign any free TCP port number for the SSL and It will
> work fine. I don't want to provide You with the exact port number for
> security reasons.

I'm not sure about the original problem, but using SSL on non-standard ports
is in itself a security risk and most proxy servers are hardcoded to only
allow SSL on the standard 443 port. The security of SSL is based on the
abilities of SSL itself and not by being used on a "secret" port. Here's is
a quote from one article on that subject. It originated from Netscape
Communications Corporation. The first of the three links below is the link
to the full article.

"CONNECT is really a lower-level function than the rest of the HTTP methods,
kind of an escape mechanism for saying that the proxy should not interfere
with the transaction, but merely forward the data. This is because the proxy
should not need to know the entire URI that is being accessed (privacy,
security), only the information that it explicitly needs (hostname and port
number). Due to this fact, the proxy cannot verify that the protocol being
spoken is really SSL, and so the proxy configuration should explicitly limit
allowed connections to well-known SSL ports (such as 443 for HTTPS, 563 for
SNEWS, as assigned by the Internet Assigned Numbers Authority). "

Tunneling SSL Through a WWW Proxy
http://muffin.doit.org/docs/rfc/tunneling_ssl.html
(For Proxy2)
184028 - Error Message: 12204 SSL Port Specified Is Not Allowed
http://support.microsoft.com/default...en-us%3b184028
(For ISA)
283284 - Blank Page or Page Cannot Be Displayed When You View SSL Sites
Through ISA Server
http://support.microsoft.com/default...4&Product=ISAS


--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

The Server is for the local area network only. There are no proxy servers.
It has more that one web sites. And because 443 is already in use, I have to
use another port.

I logon locally on the HTTPS server's console and connect to
https://serverort/
1. If the address is typed in the address bar of Internet Explorer, I can
navigate to any subfolder - there is no problem with the virtual
directories.
2. If I use Web Folders to view the content as folders, When I double click
on a virtual directory, Internet Explorer will try open
http://server/virtual
instead of
https://serverort/virtual/
That's why it displays an error message.
I think that Microsoft should investigate this problem and fix it as an
update for Windows.

If You have a HTTPS server running IIS 6 in hand You may try to reproduce
the error.



news:(E-Mail Removed)...
> "George Valkov" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > Hi Miha,
> > In general I can assign any free TCP port number for the SSL and It will
> > work fine. I don't want to provide You with the exact port number for
> > security reasons.
>
> I'm not sure about the original problem, but using SSL on non-standard
ports
> is in itself a security risk and most proxy servers are hardcoded to only
> allow SSL on the standard 443 port. The security of SSL is based on the
> abilities of SSL itself and not by being used on a "secret" port. Here's
is
> a quote from one article on that subject. It originated from Netscape
> Communications Corporation. The first of the three links below is the link
> to the full article.
>
> "CONNECT is really a lower-level function than the rest of the HTTP
methods,
> kind of an escape mechanism for saying that the proxy should not interfere
> with the transaction, but merely forward the data. This is because the
proxy
> should not need to know the entire URI that is being accessed (privacy,
> security), only the information that it explicitly needs (hostname and
port
> number). Due to this fact, the proxy cannot verify that the protocol being
> spoken is really SSL, and so the proxy configuration should explicitly
limit
> allowed connections to well-known SSL ports (such as 443 for HTTPS, 563
for
> SNEWS, as assigned by the Internet Assigned Numbers Authority). "
>
> Tunneling SSL Through a WWW Proxy
> http://muffin.doit.org/docs/rfc/tunneling_ssl.html
> (For Proxy2)
> 184028 - Error Message: 12204 SSL Port Specified Is Not Allowed
> http://support.microsoft.com/default...en-us%3b184028
> (For ISA)
> 283284 - Blank Page or Page Cannot Be Displayed When You View SSL Sites
> Through ISA Server
>
http://support.microsoft.com/default...4&Product=ISAS
>
>
> --
>
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
>
>

"George Valkov" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> The Server is for the local area network only. There are no proxy servers.
> It has more that one web sites. And because 443 is already in use, I have
to
> use another port.

OK. I see.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com