Today I watched the “Using Host Headers with SSL-enabled Web Sites in IIS 6.0” web cast delivered by Chris Adams from Microsoft. It was a pretty good session overall and was xxx long. It started out a bit slow as it brought the “audience” up to speed on what Host Headers are before the real meat of the session was covered. There was a fair amount of time discussing how DNS works and IIS Bindings. The majority of the web cast was host header related topics and not just how it works with SSL. I would rate this as a great session for a new web administrator, but not very helpful for the more advanced IIS pro (I think that was the intent of the web cast).
So to sum up the web cast (for SSL), Windows Server 2003/IIS 6 with Service Pack 1 allows for SSL to work with Host Headers, but previous Windows Server/IIS versions do not!
Watch the web cast: http://www.iis.net/default.aspx?tabid=2&subtabid=26&i=18
Notes
- Host Headers are an application layer feature
- Host Headers offer web administrators the ability to host multiple sites using one IP Address
- The Host Helper service that ships with the IIS Resource Kit (URL below) can run as a service (or on demand from the command line). It picks up the host header changes found in IIS and updates the WINS/DNS servers for a corporate environment. This is not intended or even useful for a Service Provider, as the tool won’t work if there is a period in the host header name. The service will only create A and PTR records.
- HTTP.sys stores its configuration information in the registry: HKLM\System\CurrentControlSet\Services\HTTP
- Any restart of HTTP.sys (net stop http) causes w3svc to be stopped as well. When you start the HTTP.sys service again, w3svc is not automatically restarted.
- Chris used the httpcfg tool, but didn’t note that you must install the Windows Server 2003 support tools to gain access to this utility. (After installation, the default location of the tool is: C:\Program Files\Support Tools)
- By default, the HTTP listen list is not defined. When you run “httpcfg query iplisten -i” from the command line, the returned result will be “HttpQueryServiceConfiguration completed with 1168”. This shows that the IP list is not enabled for HTTP.
- To enable the HTTP IP Listen List (aka HTTP Bindings), run “httpcfg set iplisten -i <IP Address>”; the result (if successful) is “HttpQueryServiceConfiguration completed with 0”. Once this is done, you should see a new value (ListenOnlyList) of type “REG_MULTI_SZ” under the registry key HKLM\System\CurrentControlSet\Services\HTTP\Parameters\. At this point, the web server will ONLY listen on this address. The command accepts any address, even one that is not valid for that server.
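
Because the listen list accepts addresses that do not belong to the server, it is worth auditing the ListenOnlyList value against the addresses actually bound on the host. The PowerShell below is an added example, not something shown in the web cast; the function names are hypothetical, the sample addresses are constructed, and it assumes each entry is stored as a plain IP address string.

```powershell
# Added example: audit HTTP.sys IP listen list entries against local addresses.
# Assumption: each ListenOnlyList entry is a plain IP address string.
$HttpParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'

function Get-ListenOnlyList {
    # Returns the REG_MULTI_SZ entries, or nothing when the value is absent
    # (listen list not defined, which is the default state).
    $p = Get-ItemProperty -Path $HttpParams -Name ListenOnlyList -ErrorAction SilentlyContinue
    if ($p) { @($p.ListenOnlyList) }
}

function Get-LocalAddress {
    # Every unicast address on every interface, read through .NET.
    [System.Net.NetworkInformation.NetworkInterface]::GetAllNetworkInterfaces() |
        ForEach-Object { $_.GetIPProperties().UnicastAddresses } |
        ForEach-Object { $_.Address.ToString() }
}

function Test-ListenOnlyList {
    param([string[]]$Entries, [string[]]$LocalAddresses)
    if (-not $Entries) { return }          # empty list: nothing to audit
    foreach ($entry in $Entries) {
        $ip = $null
        if (-not [System.Net.IPAddress]::TryParse($entry, [ref]$ip)) {
            $status = 'NotAnIPAddress'
        } elseif ($LocalAddresses -contains $ip.ToString()) {
            $status = 'BoundLocally'
        } else {
            $status = 'NotOnThisServer'    # accepted by the tool, but not a host address
        }
        New-Object PSObject -Property @{ Entry = $entry; Status = $status }
    }
}

# Constructed sample data (documentation-range addresses) so this runs anywhere.
$sampleList  = @('192.0.2.10', '192.0.2.99', 'not-an-ip')
$sampleLocal = @('192.0.2.10', '127.0.0.1')
Test-ListenOnlyList -Entries $sampleList -LocalAddresses $sampleLocal |
    Format-Table Entry, Status -AutoSize

# On a live server:
# Test-ListenOnlyList -Entries (Get-ListenOnlyList) -LocalAddresses (Get-LocalAddress)
```

Any entry reported as NotOnThisServer or NotAnIPAddress should be reviewed before HTTP.sys is restarted, since the server will listen only on the listed addresses.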
Site References