IIS 8.5 binds to all IP addresses on a server

  • Article

 

If you have multiple IPs in one windows server 2008 and above, when you add a website in IIS, you might found that 0.0.0.0 is listening on 80 or 443, rather than the IP address you just added. In this article, I will talk about the root cause and workarounds for this kind of scenario.

Backgrounds:

1) I have a windows server 2012R2 with two IP address A and B.

2) add a new website 1, bind it to IP A with 80 port, add another website 2, bind IP B and 80 port.

3) run “netstat -ano”, would find below result:

Active connections:

Proto local address state PID

TCP 0.0.0.0:80 LISTENING 4

The 80 port on all IP addresses are listening.

4) stop website 2, IP B:80 should be released and stop listening, If I try to telnet IP address B which is not occupied by any websites now:

telnet B 80

it would be successful.

5) The scenario is not expected, as I have already stopped website 2.

Root cause:

It is due to a feature designed in IIS, Socket Pooling. Socket pooling causes Internet Information Services (IIS) to listen to all IP addresses.

disable Socket pooling?

I did try to disable socket pooling following https://support.microsoft.com/en-us/help/238131/how-to-disable-socket-pooling, however failed.

Here is the reason:Because DisableSocketPooling is defined as a valid property in the IIS 6.0 metabase schema (MBSchema.xml), you can still set this property by using Adsutil.vbs, but this has no effect.

Workaround:

Fortunately, In this situation, if we want to delete the port 80 bound with 0.0.0.0, we can manually delete the HTTP listening rule.

1) When stopping website 2 in IIS console, if want IP B stop listening on port 80, please run below command:

netsh http delete iplisten ipadd=IPB:80

2) Now, we can find that we cannot telnet IPB:80 anymore.

3) In the same way, if you need to start the website again, not only to start it on the IIS manager, run below command to add HTTP listening as well.

netsh http add iplisten ipadd=IPB:80

More references:

https://support.microsoft.com/en-us/help/813368/setting-metabase-property-disablesocketpooling-has-no-effect

https://support.microsoft.com/en-us/help/238131/how-to-disable-socket-pooling

https://support.microsoft.com/en-hk/help/954874/iis-binds-to-all-ip-addresses-on-a-server-when-you-install-iis-7.0-on-windows-server-2008

https://msdn.microsoft.com/en-us/library/cc307219(VS.85).aspx

https://msdn.microsoft.com/en-us/library/cc307227(v=vs.85).aspx

Thanks,

Cynthia Jiang from DSI team