503 error on port 80, but 443 works
Question
Thursday, July 9, 2020 11:45 AM
Hi all.
Not convinced this is an IIS issue, but somewhat related at least.
I have an issue on a server (IIS 7) running 3 websites (all on different domains and different IP addresses). The bindings on each site are configured as follows:
site1.domain1.com, port 80, ip X
site1.domain1.com, port 443, ip X
site2.domain2.com, port 80, ip Y
site2.domain2.com, port 443, ip Y
etc.
On each of the 3 sites, the site (all running ASP.NET apps) work fine over https, but on http I get 503 Service unavailable.
I'm not really sure why - the issue has existed for some time, but hasn't really bothered me too much (we prefer to use https anyway and these are the only links published anywhere), but I'm trying to install a LetsEncrypt certificate now and it seems to be failing because of this issue, so I guess I have to resolve it!
My initial thought was that there must be some kind of conflict on port 80, but I have checked and rechecked the bindings and all are limited to a specific IP and host header, so there shouldn't be any conflicts (at least not in IIS). I've run netsh but struggle to make sense of the output.
[edit: added some details on the netsh output below]
I do see this in the netsh http show urlacl output:
I suspect that may be causing the issue (there is no corresponding entry for 443), but I am not keen to just delete it (there are lot so interdependent components running on this server and I don't want to inadvertently break it). How do I know that this is for?
Any pointers on how to troubleshoot this would be much appreciated.
All replies (4)
Thursday, July 9, 2020 2:53 PM âś…Answered
That reserved URL entry from netsh http show urlacl was basically just <a href="http://+:80/
">http://+:80/
IIS as a service does not require any reserved URL entry.
So on this machine you have another application that wants to take over port 80 and it does give you back 503. Delete that entry and IIS should work fine again. But that application should be broken and you might then know what it is.
Thursday, July 9, 2020 2:21 PM
Sorry, I notice the screenshot that I pasted got lost somewhere. That reserved URL entry from netsh http show urlacl was basically just http://+:80/
Friday, July 10, 2020 5:31 AM
Thanks, I deleted it a little over 12 hours ago and so far nothing has broken. My best guess is that there was once something installed on the server that created this but it didn't get removed on the uninstall (server is quite long in the tooth and various monitoring tools etc. have been tried over the years).
Friday, July 10, 2020 5:45 AM
First, you could try to add other port number and check does it gives you the same response or not.
te reason behind the issue is the URL is reserved. The "+" sign means any host header, and the:80 means anything on port 80. Since there is no application path after the final "/" it reserves anything that runs on port 80. This is what is causing the 503 Service Unavailable errors, as this reservation will prevent W3SVC from obtaining the right to listen on port 80 when it tries to start the site. Furthermore, applications that run in IIS do not need explicit reservations to run, only non-IIS applications have to reserve a URL namespace if they want to use HTTP to listen for requests. One example are WCF applications that are running on HTTP, as these are non-IIS applications that use HTTP to listen for requests. To resolve the problem for the default web site, we have to remove the reserved namespace for port 80 with the following command.
netsh http delete urlacl http://+:80/
URL reservation successfully deleted
After removing this namespace, WCF applications or other non-IIS applications running on this server may break. So a new URL reservation may be needed for those applications.