IIS 8.5 Cannot Host Multiple Sites
Last post Oct 14, 2017 01:11 AM by Rovastar
Oct 11, 2017 02:56 PM | techmattr
I have a web server which is a default installation of Windows 2012 R2 and IIS 8.5. I set up the first site with bindings on 10.10.10.10:80 and 10.10.10.10:443 with a valid cert from a CA. DNS is set up matching the cert and everything works great.
I set up the second site the same way. Bindings on 10.10.10.11:80 and 10.10.10.11:443. As soon as the second site is started I can no longer access any resources on the server. Every request results in a 404 error. If I delete the 2nd site then I'm immediately able to access the content on the first site again.
I've tried setting up the second site with different ports and using host headers, all with the same result.
Oct 11, 2017 04:58 PM | techmattr
After an hour or so both sites started working. Now they are back to not working. When I go to the first site, I see the second site's certificate, so there is a mismatch. Why doesn't IIS respect bindings by IP?
Oct 11, 2017 05:13 PM | techmattr
Now when browsing to the site in IE I get the following error:

> This page can't be displayed
> Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://mysite.com again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator.

Why would the behavior of IIS keep changing when I'm not making any changes whatsoever?
Oct 11, 2017 06:09 PM | Rovastar
To be honest it is difficult to work out from your description what is happening.
Your setup is normal and nothing unusual. I suspect yours is another issue. Maybe the conversion from public to private IP is changing, or some proxy/DNS propagation thing.
Try and establish categorically that all your requests are hitting that server. Wireshark/netmon to make sure.
I would start again. Have another server, set it up, and from your client machine go directly to the different sites, not via a proxy, and change your hosts file locally on your client to hit the server. That way you remove the massive issues of networks, proxies, firewalls, DNS, etc.
Oct 12, 2017 08:16 AM | Yuk Ding
Hi techmattr,
What certificate are you using? Self-signed or CA certificate? Secondly, which client certificate setting are you using? Ignore or require? Thirdly, what if you uncheck Enable SSL? If the issue is caused by TLS, I think maybe disabling SSL could let these two sites work together. As long as disabling SSL lets multiple sites work together, you only need to focus on the certificate and SSL settings.
Oct 13, 2017 09:08 AM | rodriguesf53
This might occur as you are using the same port and the same set of certificates for 10.10.10.10:443 and 10.10.10.11:443. Try to use SNI in IIS and then check the output for the same. Also, give it a try by changing port 443 to some other port for the 2nd IP.
Oct 13, 2017 07:41 PM | techmattr
Thanks for the replies. I found this may be less of an IIS issue and more of how Windows 2012 R2 works... though I'm not sure why something like this would change between 2008 R2 and 2012 R2.
When I add a second IP in 2008 R2 and I ping that server it always responds with the primary IP. That is not the case with 2012 R2. In 2012 R2 it bounces between whatever IPs have been added. So I ping <server name> a handful of times and sometimes I'll get a response from .10 and sometimes I'll get .11. While that IS an issue, it shouldn't impact IIS since I'm binding a site to an IP. Wrong. Sometimes the site operates on .10 and works fine; other times it operates on .11 and returns a 404.
I'm able to reproduce this behavior on a completely default Windows 2012 R2 install in my homelab as well so I ruled out anything in our enterprise environment. Why on earth does IIS ignore the binding? Is there any way to make it not ignore the binding?
Edit: I forgot to add... one of the tests I did in my homelab was without any certificates involved, to rule that out. I created a test.txt in both sites, one with the body "Server1" and one with the body "Server2". Created two DNS entries: server1.localdomain > 192.168.1.50 and server2.localdomain > 192.168.1.51.
Browse to http://server1.localdomain/test.txt and I see Server1. Hit refresh a few times and sure enough Server2 pops up. Why would that ever happen? Doesn't make any sense. If I do the exact same steps in Server 2008 R2 and I refresh thousands of times, Server2 never pops up. Server1 is returned 100% of the time, as it should be.
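An added check script (not from the thread or from Microsoft) that separates the two explanations under discussion, name resolution versus the IIS binding: it shows every A record each name resolves to, lists the bindings IIS actually holds, then fetches test.txt by the bound IP with an explicit Host header so DNS is never consulted. It assumes the homelab layout above (192.168.1.50/.51, server1/server2.localdomain, test.txt bodies Server1/Server2); adjust the table to your own.

```powershell
# Added example, not part of the original thread. Requires the IIS management
# tools (WebAdministration module) and the DnsClient module on the box you run it from.
Import-Module WebAdministration

# Assumed layout from the homelab test in the thread; edit for your environment.
$expected = @{
    'server1.localdomain' = @{ Ip = '192.168.1.50'; Body = 'Server1' }
    'server2.localdomain' = @{ Ip = '192.168.1.51'; Body = 'Server2' }
}

# 1. Does each name resolve to more than one address? (the ping symptom)
foreach ($name in $expected.Keys) {
    $ips = (Resolve-DnsName -Name $name -Type A -ErrorAction SilentlyContinue).IPAddress
    "{0} resolves to: {1}" -f $name, ($ips -join ', ')
}

# 2. Which IP:port:host is each IIS site really bound to?
Get-WebBinding | Select-Object protocol, bindingInformation, certificateHash | Format-Table -AutoSize

# 3. Fetch by IP with a fixed Host header, on a fresh TCP connection each time,
#    and count answers that do not match the site that owns that IP.
function Test-SiteByIp {
    param([string]$HostName, [string]$Ip, [string]$ExpectedBody, [int]$Tries = 10)
    $bad = 0
    for ($i = 0; $i -lt $Tries; $i++) {
        $req = [System.Net.HttpWebRequest]::Create("http://$Ip/test.txt")
        $req.Host = $HostName       # Host header set directly; DNS is bypassed
        $req.KeepAlive = $false     # new connection per try, so no reuse hides a flip
        try {
            $resp = $req.GetResponse()
            $body = (New-Object IO.StreamReader($resp.GetResponseStream())).ReadToEnd().Trim()
            $resp.Close()
        } catch [System.Net.WebException] {
            $body = 'HTTP error: ' + $_.Exception.Message   # e.g. the 404 seen in the thread
        }
        if ($body -ne $ExpectedBody) {
            $bad++
            "  try $i on ${Ip}: got '$body', expected '$ExpectedBody'"
        }
    }
    "{0} via {1}: {2}/{3} mismatches" -f $HostName, $Ip, $bad, $Tries
}

foreach ($name in $expected.Keys) {
    Test-SiteByIp -HostName $name -Ip $expected[$name].Ip -ExpectedBody $expected[$name].Body
}
```

If step 3 never mismatches while browsing by name does, the binding is being honoured and the flip comes from the name resolving to both addresses, which is the place to fix it rather than IIS.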
Oct 14, 2017 01:11 AM | Rovastar