Multiple Websites on one server - need SSL

We have multiple Websites on one server (IIS) and one appache (tomcat) also
on the same server.

This has worked fine until now. We need secure pages on all the Websites.
We can handle the multiple Websites on IIS by adding a different address on
the NIC card and adding one of the address to each Web Site. Then all the
Websites can share port 443.

But can we do the same with Apache? Can we have the Apache sharing 443 on
the same Web Server as IIS? I assume you can't as you can only have one
application listening on each port. If there is a way around this without
having to buy another server we would be thrilled.

Thanks,

Tom

Kristofer
Tue Jan 16 10:59:14 CST 2007

I don't know how Apache works, but applications in general bind to IP
address and port number. So i cannot see any problem with your setup, just
add another IP address and assign it to Apache and you should be fine.


--
Regards,
Kristofer Gafvert
http://www.gafvert.info/iis/ - IIS Related Info


tshad wrote:

>We have multiple Websites on one server (IIS) and one appache (tomcat)
>also on the same server.
>
>This has worked fine until now. We need secure pages on all the Websites.
>We can handle the multiple Websites on IIS by adding a different address
>on the NIC card and adding one of the address to each Web Site. Then all
>the Websites can share port 443.
>
>But can we do the same with Apache? Can we have the Apache sharing 443 on
>the same Web Server as IIS? I assume you can't as you can only have one
>application listening on each port. If there is a way around this without
>having to buy another server we would be thrilled.
>
>Thanks,
>
>Tom

tshad
Tue Jan 16 12:43:15 CST 2007

"Kristofer Gafvert" <kgafvert@NEWSilopia.com> wrote in message
news:xn0f1aa7c2xtc60008@news.microsoft.com...
>I don't know how Apache works, but applications in general bind to IP
>address and port number. So i cannot see any problem with your setup, just
>add another IP address and assign it to Apache and you should be fine.

That was the confusion we were running into.

I had thought that only one application (service) on a machine can listen on
one port (having nothing to do with the IP). I know that an IP and Port
Number constitute a socket.

But if you could have more than one application listening on a port, does
that mean that if I have SMTP running on a machine I could add another IP
address to my NIC and have my application listen on Port 25 (what SMTP uses)
but on the other IP Address.

Thanks,

Tom
>
>
> --
> Regards,
> Kristofer Gafvert
> http://www.gafvert.info/iis/ - IIS Related Info
>
>
> tshad wrote:
>
>>We have multiple Websites on one server (IIS) and one appache (tomcat)
>>also on the same server.
>>
>>This has worked fine until now. We need secure pages on all the Websites.
>>We can handle the multiple Websites on IIS by adding a different address
>>on the NIC card and adding one of the address to each Web Site. Then all
>>the Websites can share port 443.
>>
>>But can we do the same with Apache? Can we have the Apache sharing 443 on
>>the same Web Server as IIS? I assume you can't as you can only have one
>>application listening on each port. If there is a way around this without
>>having to buy another server we would be thrilled.
>>
>>Thanks,
>>
>>Tom

Kristofer
Tue Jan 16 13:43:23 CST 2007

Yes, in general, that is how things works.

I do know however that IIS binds to all IP addresses by default (for
performance i think). So for this to work with IIS, you may want to look
at this KB Article:


http://support.microsoft.com/kb/813368/EN-US/

--
Regards,
Kristofer Gafvert
http://www.gafvert.info/iis/ - IIS Related Info


tshad wrote:

>"Kristofer Gafvert" <kgafvert@NEWSilopia.com> wrote in message
>news:xn0f1aa7c2xtc60008@news.microsoft.com...
>>I don't know how Apache works, but applications in general bind to IP
>>address and port number. So i cannot see any problem with your setup, just
>>add another IP address and assign it to Apache and you should be fine.
>
>That was the confusion we were running into.
>
>I had thought that only one application (service) on a machine can listen
>on one port (having nothing to do with the IP). I know that an IP and
>Port Number constitute a socket.
>
>But if you could have more than one application listening on a port, does
>that mean that if I have SMTP running on a machine I could add another IP
>address to my NIC and have my application listen on Port 25 (what SMTP
>uses) but on the other IP Address.
>
>Thanks,
>
>Tom
>>
>>
>>-- Regards,
>>Kristofer Gafvert
>>http://www.gafvert.info/iis/ - IIS Related Info
>>
>>
>>tshad wrote:
>>
>>>We have multiple Websites on one server (IIS) and one appache (tomcat)
>>>also on the same server.
>>>
>>>This has worked fine until now. We need secure pages on all the Websites.
>>>We can handle the multiple Websites on IIS by adding a different address
>>>on the NIC card and adding one of the address to each Web Site. Then all
>>>the Websites can share port 443.
>>>
>>>But can we do the same with Apache? Can we have the Apache sharing 443 on
>>>the same Web Server as IIS? I assume you can't as you can only have one
>>>application listening on each port. If there is a way around this without
>>>having to buy another server we would be thrilled.
>>>
>>>Thanks,
>>>
>>>Tom

tshad
Tue Jan 16 15:36:38 CST 2007

"Kristofer Gafvert" <kgafvert@NEWSilopia.com> wrote in message
news:xn0f1aejv33ocwg00a@news.microsoft.com...
> Yes, in general, that is how things works.
>
> I do know however that IIS binds to all IP addresses by default (for
> performance i think). So for this to work with IIS, you may want to look
> at this KB Article:
>
> http://support.microsoft.com/kb/813368/EN-US/

According to the article - normally, you can't do that (bind to multiple
addresses) - but now with W2K3 you may be able to do it if you run a
utility. What is interesting is that the utility is httpcfg.exe. That would
suggest Web (http). Is this the case for all ports or just specific ports?
Also, does it work with Apache also. Not sure here.

But as I was reading it:

As I was reading this, it seems that it is specifically tied to IIS to allow
it to listen to multiple ports. It says it binds to all ports by default
(not sure what this means) and in II6 this is allowed to be disabled so that
services that that need a specific port can get it. Not sure if this is an
issue or not.

Thanks,

Tom
>
> --
> Regards,
> Kristofer Gafvert
> http://www.gafvert.info/iis/ - IIS Related Info
>
>
> tshad wrote:
>
>>"Kristofer Gafvert" <kgafvert@NEWSilopia.com> wrote in message
>>news:xn0f1aa7c2xtc60008@news.microsoft.com...
>>>I don't know how Apache works, but applications in general bind to IP
>>>address and port number. So i cannot see any problem with your setup,
>>>just add another IP address and assign it to Apache and you should be
>>>fine.
>>
>>That was the confusion we were running into.
>>
>>I had thought that only one application (service) on a machine can listen
>>on one port (having nothing to do with the IP). I know that an IP and
>>Port Number constitute a socket.
>>
>>But if you could have more than one application listening on a port, does
>>that mean that if I have SMTP running on a machine I could add another IP
>>address to my NIC and have my application listen on Port 25 (what SMTP
>>uses) but on the other IP Address.
>>
>>Thanks,
>>
>>Tom
>>>
>>>
>>>-- Regards,
>>>Kristofer Gafvert
>>>http://www.gafvert.info/iis/ - IIS Related Info
>>>
>>>
>>>tshad wrote:
>>>
>>>>We have multiple Websites on one server (IIS) and one appache (tomcat)
>>>>also on the same server.
>>>>
>>>>This has worked fine until now. We need secure pages on all the
>>>>Websites. We can handle the multiple Websites on IIS by adding a
>>>>different address on the NIC card and adding one of the address to each
>>>>Web Site. Then all the Websites can share port 443.
>>>>
>>>>But can we do the same with Apache? Can we have the Apache sharing 443
>>>>on the same Web Server as IIS? I assume you can't as you can only have
>>>>one application listening on each port. If there is a way around this
>>>>without having to buy another server we would be thrilled.
>>>>
>>>>Thanks,
>>>>
>>>>Tom

Daniel
Wed Jan 17 06:41:33 CST 2007

tshad wrote on Tue, 16 Jan 2007 13:36:38 -0800:

> As I was reading this, it seems that it is specifically tied to IIS to
> allow it to listen to multiple ports. It says it binds to all ports by
> default (not sure what this means) and in II6 this is allowed to be
> disabled so that services that that need a specific port can get it. Not
> sure if this is an issue or not.

By default IIS6 will bind to all IP addresses on the machine on the ports it
uses for handling requests. The article shows how to change this so it only
binds to the IP addresses that you tell httpcfg that you want IIS to bind
to. So say you have 5 IP addresses on the machine, and want IIS6 to bind to
just 4 of them, add all 4 using httpcfg. Start up IIS and it will bind to
just those 4, so you should then be able to configure Apache to bind to the
5th IP address. In this way IIS can handle requests on port 80 on the 4 IP
addresses it is configured to listen on, and Apache can handle requests on
port 80 on the 5th.

Dan

tshad
Wed Jan 17 11:00:37 CST 2007

"Daniel Crichton" <msnews@worldofspack.com> wrote in message
news:%239CZTTjOHHA.4940@TK2MSFTNGP03.phx.gbl...
> tshad wrote on Tue, 16 Jan 2007 13:36:38 -0800:
>
>> As I was reading this, it seems that it is specifically tied to IIS to
>> allow it to listen to multiple ports. It says it binds to all ports by
>> default (not sure what this means) and in II6 this is allowed to be
>> disabled so that services that that need a specific port can get it. Not
>> sure if this is an issue or not.
>
> By default IIS6 will bind to all IP addresses on the machine on the ports
> it uses for handling requests. The article shows how to change this so it
> only binds to the IP addresses that you tell httpcfg that you want IIS to
> bind to. So say you have 5 IP addresses on the machine, and want IIS6 to
> bind to just 4 of them, add all 4 using httpcfg. Start up IIS and it will
> bind to just those 4, so you should then be able to configure Apache to
> bind to the 5th IP address. In this way IIS can handle requests on port 80
> on the 4 IP addresses it is configured to listen on, and Apache can handle
> requests on port 80 on the 5th.

Oh. I misread it. I thought it said it bounded to all PORTS not all IP
addresses. That makes more sense.

So you are saying that an application CAN listen on the same port as another
application if the IP addresses are different? So you can listen on port 25
(when SMTP is installed) with a different application if the IP address is
different than the one SMTP is using?

Thanks,

Tom
>
> Dan
>

tshad
Wed Jan 17 11:47:38 CST 2007

"tshad" <tscheiderich@ftsolutions.com> wrote in message
news:OMH4EklOHHA.3544@TK2MSFTNGP03.phx.gbl...
> "Daniel Crichton" <msnews@worldofspack.com> wrote in message
> news:%239CZTTjOHHA.4940@TK2MSFTNGP03.phx.gbl...
>> tshad wrote on Tue, 16 Jan 2007 13:36:38 -0800:
>>
>>> As I was reading this, it seems that it is specifically tied to IIS to
>>> allow it to listen to multiple ports. It says it binds to all ports by
>>> default (not sure what this means) and in II6 this is allowed to be
>>> disabled so that services that that need a specific port can get it.
>>> Not sure if this is an issue or not.
>>
>> By default IIS6 will bind to all IP addresses on the machine on the ports
>> it uses for handling requests. The article shows how to change this so it
>> only binds to the IP addresses that you tell httpcfg that you want IIS to
>> bind to. So say you have 5 IP addresses on the machine, and want IIS6 to
>> bind to just 4 of them, add all 4 using httpcfg. Start up IIS and it will
>> bind to just those 4, so you should then be able to configure Apache to
>> bind to the 5th IP address. In this way IIS can handle requests on port
>> 80 on the 4 IP addresses it is configured to listen on, and Apache can
>> handle requests on port 80 on the 5th.
>
> Oh. I misread it. I thought it said it bounded to all PORTS not all IP
> addresses. That makes more sense.
>
> So you are saying that an application CAN listen on the same port as
> another application if the IP addresses are different? So you can listen
> on port 25 (when SMTP is installed) with a different application if the IP
> address is different than the one SMTP is using?

I just did a test where I added an address to my server. The address was
10.0.5.2 and I added 10.0.5.10 to the same Nic card.

I did a 'Netstat -an |find /i "listening" ' to see what ports were open:

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\tfs>netstat -an | find /i "listening"
TCP 0.0.0.0:25 0.0.0.0:0 LISTENING
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1030 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1041 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1043 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1047 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1062 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5001 0.0.0.0:0 LISTENING
TCP 0.0.0.0:8009 0.0.0.0:0 LISTENING
TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING
TCP 0.0.0.0:8443 0.0.0.0:0 LISTENING
TCP 0.0.0.0:10000 0.0.0.0:0 LISTENING
TCP 0.0.0.0:30246 0.0.0.0:0 LISTENING
TCP 10.0.3.5:139 0.0.0.0:0 LISTENING
TCP 127.0.0.1:8005 0.0.0.0:0 LISTENING

C:\Documents and Settings\tfs>

I then did a telnet 10.0.5.2 portnumber for each port and then did the same
for 10.0.5.10 and all were open for both IP addresses.

This would seem to say that the ports are not tied to the IP Address but to
the server itself (ie. one port 25 for the server regardless of how many IP
addresses are there).

If this is the case, it seems that you cannot run IIS and Tomcat on the same
port even if they are tied to a different address.

Is this the case?

Thanks,

Tom
>
> Thanks,
>
> Tom
>>
>> Dan
>>
>
>

David
Wed Jan 17 22:38:35 CST 2007

It's because the SMTP binding is for 0.0.0.0:25 -- which means "traffic
to port 25 for all IP of the server goes to one application process
that opened it as 0.0.0.0:25".

If the binding was 10.0.3.5:25 for one application, another application
can bind to 10.0.3.10:25.

What IP and Port are your IIS websites and Tomcat websites bound to?


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//



tshad wrote:
> "tshad" <tscheiderich@ftsolutions.com> wrote in message
> news:OMH4EklOHHA.3544@TK2MSFTNGP03.phx.gbl...
> > "Daniel Crichton" <msnews@worldofspack.com> wrote in message
> > news:%239CZTTjOHHA.4940@TK2MSFTNGP03.phx.gbl...
> >> tshad wrote on Tue, 16 Jan 2007 13:36:38 -0800:
> >>
> >>> As I was reading this, it seems that it is specifically tied to IIS to
> >>> allow it to listen to multiple ports. It says it binds to all ports by
> >>> default (not sure what this means) and in II6 this is allowed to be
> >>> disabled so that services that that need a specific port can get it.
> >>> Not sure if this is an issue or not.
> >>
> >> By default IIS6 will bind to all IP addresses on the machine on the ports
> >> it uses for handling requests. The article shows how to change this so it
> >> only binds to the IP addresses that you tell httpcfg that you want IIS to
> >> bind to. So say you have 5 IP addresses on the machine, and want IIS6 to
> >> bind to just 4 of them, add all 4 using httpcfg. Start up IIS and it will
> >> bind to just those 4, so you should then be able to configure Apache to
> >> bind to the 5th IP address. In this way IIS can handle requests on port
> >> 80 on the 4 IP addresses it is configured to listen on, and Apache can
> >> handle requests on port 80 on the 5th.
> >
> > Oh. I misread it. I thought it said it bounded to all PORTS not all IP
> > addresses. That makes more sense.
> >
> > So you are saying that an application CAN listen on the same port as
> > another application if the IP addresses are different? So you can listen
> > on port 25 (when SMTP is installed) with a different application if the IP
> > address is different than the one SMTP is using?
>
> I just did a test where I added an address to my server. The address was
> 10.0.5.2 and I added 10.0.5.10 to the same Nic card.
>
> I did a 'Netstat -an |find /i "listening" ' to see what ports were open:
>
> Microsoft Windows [Version 5.2.3790]
> (C) Copyright 1985-2003 Microsoft Corp.
>
> C:\Documents and Settings\tfs>netstat -an | find /i "listening"
> TCP 0.0.0.0:25 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:80 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:1030 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:1041 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:1043 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:1047 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:1062 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:5001 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:8009 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:8443 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:10000 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:30246 0.0.0.0:0 LISTENING
> TCP 10.0.3.5:139 0.0.0.0:0 LISTENING
> TCP 127.0.0.1:8005 0.0.0.0:0 LISTENING
>
> C:\Documents and Settings\tfs>
>
> I then did a telnet 10.0.5.2 portnumber for each port and then did the same
> for 10.0.5.10 and all were open for both IP addresses.
>
> This would seem to say that the ports are not tied to the IP Address but to
> the server itself (ie. one port 25 for the server regardless of how many IP
> addresses are there).
>
> If this is the case, it seems that you cannot run IIS and Tomcat on the same
> port even if they are tied to a different address.
>
> Is this the case?
>
> Thanks,
>
> Tom
> >
> > Thanks,
> >
> > Tom
> >>
> >> Dan
> >>
> >
> >

Daniel
Thu Jan 18 02:37:32 CST 2007

tshad wrote on Wed, 17 Jan 2007 09:47:38 -0800:

> "tshad" <tscheiderich@ftsolutions.com> wrote in message news:OMH4EklOHHA.3544@TK2MSFTNGP03.phx.gbl...
>> "Daniel Crichton" <msnews@worldofspack.com> wrote in message news:%239CZTTjOHHA.4940@TK2MSFTNGP03.phx.gbl...
>>> tshad wrote on Tue, 16 Jan 2007 13:36:38 -0800:
>>>
>>>> As I was reading this, it seems that it is specifically tied to IIS to
>>>> allow it to listen to multiple ports. It says it binds to all ports by
>>>> default (not sure what this means) and in II6 this is allowed to be
>>>> disabled so that services that that need a specific port can get it.
>>>> Not sure if this is an issue or not.
>>>
>>> By default IIS6 will bind to all IP addresses on the machine on the
>>> ports it uses for handling requests. The article shows how to change
>>> this so it only binds to the IP addresses that you tell httpcfg that you
>>> want IIS to bind to. So say you have 5 IP addresses on the machine, and
>>> want IIS6 to bind to just 4 of them, add all 4 using httpcfg. Start up
>>> IIS and it will bind to just those 4, so you should then be able to
>>> configure Apache to bind to the 5th IP address. In this way IIS can
>>> handle requests on port 80 on the 4 IP addresses it is configured to
>>> listen on, and Apache can handle requests on port 80 on the 5th.
>>
>> Oh. I misread it. I thought it said it bounded to all PORTS not all IP
>> addresses. That makes more sense.
>>
>> So you are saying that an application CAN listen on the same port as
>> another application if the IP addresses are different? So you can listen
>> on port 25 (when SMTP is installed) with a different application if the
>> IP address is different than the one SMTP is using?
>
> I just did a test where I added an address to my server. The address was
> 10.0.5.2 and I added 10.0.5.10 to the same Nic card.
>
> I did a 'Netstat -an |find /i "listening" ' to see what ports were open:
>
> Microsoft Windows [Version 5.2.3790]
> (C) Copyright 1985-2003 Microsoft Corp.
>
> C:\Documents and Settings\tfs>netstat -an | find /i "listening"
> TCP 0.0.0.0:25 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:80 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:1030 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:1041 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:1043 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:1047 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:1062 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:5001 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:8009 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:8443 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:10000 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:30246 0.0.0.0:0 LISTENING
> TCP 10.0.3.5:139 0.0.0.0:0 LISTENING
> TCP 127.0.0.1:8005 0.0.0.0:0 LISTENING
>
> C:\Documents and Settings\tfs>
>
> I then did a telnet 10.0.5.2 portnumber for each port and then did the
> same for 10.0.5.10 and all were open for both IP addresses.
>
> This would seem to say that the ports are not tied to the IP Address but
> to the server itself (ie. one port 25 for the server regardless of how
> many IP addresses are there).
>
> If this is the case, it seems that you cannot run IIS and Tomcat on the
> same port even if they are tied to a different address.
>
> Is this the case?

Read the article on the MS site again. You need to run httpcfg to change IIS
to only bind to specific IP addresses. Once you've done this you can then
run Tomcat on the IP address you didn't bind to IIS. Until you use the
httpcfg utility to do this, IIS will continue to bind to all IP addresses.

Dan

tshad
Thu Jan 18 18:37:47 CST 2007

I got it to work last night on my test W2K3 Server.

What happens is IIS does bind to all addresses. This was a little hard to
see at first, as when I did "netstat -an| find /i "listening" to see what
ports were listening, it wasn't showing an address for any of the
connections. What was really happening was that the services were setting
up the listeners on ALL IP Addresses. IIS, DNS, SMTP, Apache were all doing
this. In IIS this is called Socket Pooling. It will grab all addresses,
even if you specify different address for each web site.

Apache does the same thing by default but if you add the address into the
connector line it will only bind to that address. That takes care of the
Apache issue.

But IIS will connect to all addresses even if you specifically set each
website to be a different address. In our case, if we set up 10 addresses on
the Nic card and set up our 4 web sites to access 4 of the address, it will
still grab all the addresses - preventing Apache from running. If we
manually start Apache to grab one of the addresses not used by IIS first
(from the Services window) and then start IIS - IIS will fail. The web
server will show as started but it won't handle any of the pages because if
one listener fails they all seem to fail.

You were right about the httpcfg.exe which you can run to set up a listener
list. I assume what happens is that IIS will look for a listener list and if
it finds it, it will only bind to the addresses on the list. If there is no
list it will bind to all addresses. I tested this at home on a W2K3 Server
that I set up. I set up 4 addresses on my Nic card. I put all the address
except the one that Apache will use and that worked perfect. It doesn't
matter what order they start in as IIS won't even look at the Apache
address.

Before IIS6, they had Socket Pooling also. Although they do have a way to
stop the Socket Pooling for IIS, it isn't the listener list that II6 uses.
You apparently just turn Socket Pooling off for IIS. I assume it will then
look at the Web Sites you have defined and only connect to the Addresses you
have set up there if you turn Pooling off. You apparently do it by issuing
the following command:

cscript adsutil.vbs set w3svc/disablesocketpooling true

Since this isn't an issue for us, I didn't try it.

Thanks,

Tom

"Daniel Crichton" <msnews@worldofspack.com> wrote in message
news:OwX%23mvtOHHA.4604@TK2MSFTNGP06.phx.gbl...
> tshad wrote on Wed, 17 Jan 2007 09:47:38 -0800:
>
>> "tshad" <tscheiderich@ftsolutions.com> wrote in message
>> news:OMH4EklOHHA.3544@TK2MSFTNGP03.phx.gbl...
>>> "Daniel Crichton" <msnews@worldofspack.com> wrote in message
>>> news:%239CZTTjOHHA.4940@TK2MSFTNGP03.phx.gbl...
>>>> tshad wrote on Tue, 16 Jan 2007 13:36:38 -0800:
>>>>
>>>>> As I was reading this, it seems that it is specifically tied to IIS to
>>>>> allow it to listen to multiple ports. It says it binds to all ports by
>>>>> default (not sure what this means) and in II6 this is allowed to be
>>>>> disabled so that services that that need a specific port can get it.
>>>>> Not sure if this is an issue or not.
>>>>
>>>> By default IIS6 will bind to all IP addresses on the machine on the
>>>> ports it uses for handling requests. The article shows how to change
>>>> this so it only binds to the IP addresses that you tell httpcfg that
>>>> you
>>>> want IIS to bind to. So say you have 5 IP addresses on the machine, and
>>>> want IIS6 to bind to just 4 of them, add all 4 using httpcfg. Start up
>>>> IIS and it will bind to just those 4, so you should then be able to
>>>> configure Apache to bind to the 5th IP address. In this way IIS can
>>>> handle requests on port 80 on the 4 IP addresses it is configured to
>>>> listen on, and Apache can handle requests on port 80 on the 5th.
>>>
>>> Oh. I misread it. I thought it said it bounded to all PORTS not all IP
>>> addresses. That makes more sense.
>>>
>>> So you are saying that an application CAN listen on the same port as
>>> another application if the IP addresses are different? So you can
>>> listen
>>> on port 25 (when SMTP is installed) with a different application if the
>>> IP address is different than the one SMTP is using?
>>
>> I just did a test where I added an address to my server. The address was
>> 10.0.5.2 and I added 10.0.5.10 to the same Nic card.
>>
>> I did a 'Netstat -an |find /i "listening" ' to see what ports were open:
>>
>> Microsoft Windows [Version 5.2.3790]
>> (C) Copyright 1985-2003 Microsoft Corp.
>>
>> C:\Documents and Settings\tfs>netstat -an | find /i "listening"
>> TCP 0.0.0.0:25 0.0.0.0:0 LISTENING
>> TCP 0.0.0.0:80 0.0.0.0:0 LISTENING
>> TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
>> TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
>> TCP 0.0.0.0:1030 0.0.0.0:0 LISTENING
>> TCP 0.0.0.0:1041 0.0.0.0:0 LISTENING
>> TCP 0.0.0.0:1043 0.0.0.0:0 LISTENING
>> TCP 0.0.0.0:1047 0.0.0.0:0 LISTENING
>> TCP 0.0.0.0:1062 0.0.0.0:0 LISTENING
>> TCP 0.0.0.0:5001 0.0.0.0:0 LISTENING
>> TCP 0.0.0.0:8009 0.0.0.0:0 LISTENING
>> TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING
>> TCP 0.0.0.0:8443 0.0.0.0:0 LISTENING
>> TCP 0.0.0.0:10000 0.0.0.0:0 LISTENING
>> TCP 0.0.0.0:30246 0.0.0.0:0 LISTENING
>> TCP 10.0.3.5:139 0.0.0.0:0 LISTENING
>> TCP 127.0.0.1:8005 0.0.0.0:0 LISTENING
>>
>> C:\Documents and Settings\tfs>
>>
>> I then did a telnet 10.0.5.2 portnumber for each port and then did the
>> same for 10.0.5.10 and all were open for both IP addresses.
>>
>> This would seem to say that the ports are not tied to the IP Address but
>> to the server itself (ie. one port 25 for the server regardless of how
>> many IP addresses are there).
>>
>> If this is the case, it seems that you cannot run IIS and Tomcat on the
>> same port even if they are tied to a different address.
>>
>> Is this the case?
>
> Read the article on the MS site again. You need to run httpcfg to change
> IIS to only bind to specific IP addresses. Once you've done this you can
> then run Tomcat on the IP address you didn't bind to IIS. Until you use
> the httpcfg utility to do this, IIS will continue to bind to all IP
> addresses.
>
> Dan
>

Daniel
Mon Jan 22 03:20:52 CST 2007

tshad wrote on Thu, 18 Jan 2007 16:37:47 -0800:

> I got it to work last night on my test W2K3 Server.
>
> What happens is IIS does bind to all addresses. This was a little hard to
> see at first, as when I did "netstat -an| find /i "listening" to see what
> ports were listening, it wasn't showing an address for any of the
> connections. What was really happening was that the services were setting
> up the listeners on ALL IP Addresses. IIS, DNS, SMTP, Apache were all
> doing this. In IIS this is called Socket Pooling. It will grab all
> addresses, even if you specify different address for each web site.
>
> Apache does the same thing by default but if you add the address into the
> connector line it will only bind to that address. That takes care of the
> Apache issue.
>
> But IIS will connect to all addresses even if you specifically set each
> website to be a different address. In our case, if we set up 10 addresses
> on the Nic card and set up our 4 web sites to access 4 of the address, it
> will still grab all the addresses - preventing Apache from running. If we
> manually start Apache to grab one of the addresses not used by IIS first
> (from the Services window) and then start IIS - IIS will fail. The web
> server will show as started but it won't handle any of the pages because
> if one listener fails they all seem to fail.
>
> You were right about the httpcfg.exe which you can run to set up a
> listener list. I assume what happens is that IIS will look for a listener
> list and if it finds it, it will only bind to the addresses on the list.
> If there is no list it will bind to all addresses. I tested this at home
> on a W2K3 Server that I set up. I set up 4 addresses on my Nic card. I
> put all the address except the one that Apache will use and that worked
> perfect. It doesn't matter what order they start in as IIS won't even look
> at the Apache address.
>
> Before IIS6, they had Socket Pooling also. Although they do have a way to
> stop the Socket Pooling for IIS, it isn't the listener list that II6 uses.
> You apparently just turn Socket Pooling off for IIS. I assume it will
> then look at the Web Sites you have defined and only connect to the
> Addresses you have set up there if you turn Pooling off. You apparently
> do it by issuing the following command:
>
> cscript adsutil.vbs set w3svc/disablesocketpooling true
>
> Since this isn't an issue for us, I didn't try it.

This is basically what that MS article explains to you. DisableSocketPooling
is for IIS5, httpcfg is for IIS6. It was all in that article link posted by
Kristofer over a week ago - it wasn't me being right, it was me pointing out
what MS had written that you appeared to have skipped over.

Dan

tshad
Tue Jan 23 10:53:02 CST 2007

> This is basically what that MS article explains to you.
> DisableSocketPooling is for IIS5, httpcfg is for IIS6. It was all in that
> article link posted by Kristofer over a week ago - it wasn't me being
> right, it was me pointing out what MS had written that you appeared to
> have skipped over.

I didn't skip over - just explaining what I had done in my testing.

As I mentioned in another Post:

We actually got this to work pretty much. But ran into a problem where we
have the same Domain name for our IIS and Apache web servers. This would
normally be a problem. But we were able to handle the conflict by using a
different port for SSL and on our Apache all the pages are secure.

We should have been able to solve our problem by doing the same type of
thing by using only the SSL port on our Apache web site.

We tried to solve this by doing the following:

httpcfg set iplisten /i 10.0.15.10:80

Thinking this would only open the port for this address. Not the case. It
still opens port 80 for all addresses defined in the new listener list. And
since we are using 443 for all our other ports (other than this address that
we wanted to use for our Apache Web Server), if you define even one web site
in IIS as 443 all the address in the lists will listen on 443 even though we
have the above entry which says only use port 80.

This is really a worthless entry (that MS docs says is a valid entry)

From the article:

http://technet2.microsoft.com/WindowsServer/en/library/99a5b6e9-8654-4802-8c9a-89f1c645faba1033.mspx?mfr=true
httpcfg set iplisten
/iIp:Port
The /i parameter takes a string specifying the IP address to be added to the
IP-Listen List. This can be either an IPv4 or IPv6 address. When using set
iplisten, the /i parameter is required.

This really does nothing. It doesn't matter if you set this. If any of the
other addresses in the list have 443 defined in the Web Site page of IIS,
they all get it.

Thanks,

Tom