You cannot enter a port number in the SSL port box in the Identification dialog box for a secondary HTTP protocol server in Exchange Server 2003 (904785)


The information in this article applies to:

  • Microsoft Exchange Server 2003 Enterprise Edition
  • Microsoft Exchange Server 2003 Standard Edition

SYMPTOMS

Consider the following scenario. You use Exchange System Manager to create a secondary HTTP protocol server in Microsoft Exchange Server 2003. Then, you enter a port number in the TCP port box in the Identification dialog box. In this scenario, you cannot enter a port number in the SSL port box in the Identification dialog box. The SSL port box is unavailable.

CAUSE

This issue occurs because you cannot enter the TCP port and the SSL port at the same time in the Identification dialog box.

RESOLUTION

To resolve this issue, follow these steps:
  1. Start Exchange System Manager.
  2. Expand Administrative Groups, expand Administrative_Group_Name, expand Servers, and then expand Your_Server_Name.
  3. Expand Protocols, expand HTTP, right-click the secondary HTTP virtual server that you created, and then click Properties.
  4. Click Advanced, and then click Add.
  5. If you want to add a specific IP address binding, click the appropriate IP address in the IP address list.

    Do not type anything in the Host name box.
  6. Delete the number in the TCP port box. The SSL port box is now available.
  7. In the SSL port box, type 443, and then click OK.
  8. Click Yes, and then click OK two times.
  9. Quit Exchange System Manager.
After you perform this procedure, the SSL definition is set in Active Directory. The SSL definition is contained in the msExchSecureBinding attribute. To make SSL functional, you must use Microsoft Internet Information Services (IIS) Manager to apply the appropriate Web server certificate to the new HTTP protocol virtual server.

Important The SSL binding may be removed if either of the following conditions is true:
  • You do not use Exchange System Manager to set the msExchSecureBinding attribute in Active Directory.
  • You do not use a tool such as the Active Directory Service Interfaces (ADSI) editor to directly set the msExchSecureBinding attribute in Active Directory.
The SSL binding is removed if you use IIS Manager to set the msExchSecureBinding attribute. After the Exchange server is restarted or after an Exchange service is restarted, the value in the metabase is overwritten with the value in Active Directory.

MORE INFORMATION

This issue also applies to the default HTTP protocol servers that are created for use in an Exchange Server 2003-based cluster environment. In an Exchange Server 2003-based cluster environment, the default HTTP protocol servers are implemented as secondary HTTP protocol virtual servers.

The SSL settings on HTTP protocol servers that depend on the default Web site are configured in IIS Manager and not in Exchange System Manager. Therefore, these servers are not affected by this issue.

REFERENCES

For more information about how to configure SSL for Exchange virtual servers, click the following article numbers to view the articles in the Microsoft Knowledge Base:

234022 Configuring Exchange OWA to use SSL

320291 Turning on SSL for Exchange 2000 Server Outlook Web Access

Modification Type:MinorLast Reviewed:8/19/2005
Keywords:kbtshoot kbprb KB904785 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.