IIS 6 empty response for HTTPS requests

httpsiis-6

I am attempting to setup an IIS6 server with one website (dedicated IP) for HTTPS access using a self-signed certificate.

Any request via HTTPS results in an empty (zero size) response with this somewhat strange status

HTTP/0.9 200 OK

Nothing weird in the request format, just a regular request from the browser (Firefox in this example)

GET https://server-name/ HTTP/1.1
Host: server-name
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Connection: keep-alive

There are no proxies between client and server.

HTTP requests are working as expected.

There was a slight hiccup installing the CA certificate (the admin installed it to the wrong account) but this has been fixed.

I've run everything through SSLDiag and it's coming back rosy.

I'm no Windows admin (developer by trade) and the admin here is not very familiar with IIS or the certificate process and is as stumped as I am.

Here's an IIS log extract which shows IIS is indeed seeing the requests

#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2011-08-16 01:21:31
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status 
2011-08-16 01:21:31 10.40.149.87 GET / - 443 - 10.40.109.22 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+InfoPath.3;+.NET4.0C;+.NET4.0E;+.NET+CLR+2.0.50727) 200 0 2
2011-08-16 01:22:54 10.40.149.87 GET / - 443 - 10.40.109.22 Fiddler 200 0 2

Best Answer

IIS 6.0 can return HTTP/0.9 responses, but it really shouldn't be. I have a strong suspicion that IIS isn't what's answering your request. (A long shot, but that's the best I can come up with.) Run netstat -a -n -o | find ":443 " and verify that the PID returned for the listener on TCP port 443 (far right column) corresponds to the "System" process (PID 4). If it doesn't, investigate the PID of the process that was returned to find out what's listening on port 443.

The other thing to look at would be the IIS logs. You should be seeing entries corresponding to your attempted accesses. If you don't then I'd say something else is getting in the way.

Are there any odd ISAPI filters or extensions installed?

Related Topic