XWEB: A User Receives an HTTP Server Error Message 500.100 When the User Tries to Gain Access to a Web Program

Beginning in Exchange Server 2000 Service Pack 1 (SP1), Exchange 2000 provides support for uploading Web programs to the server. You can use the Application Deployment Wizard from the Web Storage System software development kit (SDK) to upload Web programs to the server. However, users may not be able to use Web browsers on client computers to gain access to the Web programs that you uploaded if:

• You uploaded the Web programs to a server other than the default virtual Hypertext Transfer Protocol (HTTP) server. -and-
  
  
• The users try to gain access to the Web programs that you uploaded through a connection that is secured by using Secure Sockets Layer (SSL).

The user receives the following HTTP server error message 500.100 on the client computer:

When a connection that is secured by SSL is established between an HTTP client and a server, only the server's Internet Protocol (IP) address and port number are available to identify the server unambiguously. A host header is not helpful in this situation. For additional information about why a host header is not helpful in this situation, click the article number below to view the article in the Microsoft Knowledge Base: The host header is transmitted in SSL-encrypted form from the client to the server. Therefore, the host header cannot be used to identify the server to which the SSL decryption key is bound.

To resolve this problem, obtain the latest service pack for Microsoft Exchange 2000 Server. For additional information, click the following article number to view the article in the Microsoft Knowledge Base: The English version of this fix should have the following file attributes or later:

Component: Information store


NOTE: Because of file dependencies, this update requires Microsoft Exchange 2000 Server Service Pack 2.

To work around this problem, distribute the server functionality to a front-end server and back-end server configuration. In this configuration, the browser gains access to the front-end server. The front-end server then decrypts the SSL-encrypted information that the front-end server receives from the client computer. The SSL certificate is bound to the IP address of the front-end server, instead of the secondary IP address of the back-end server. The back-end server receives information that is already decrypted, which the back-end server can associate with a host header.

At the time of this article's publication, Integrated Windows Authentication is not available for front-end server and back-end server configurations.

Microsoft has confirmed that this is a problem in Microsoft Exchange 2000 Server. This problem was first corrected in Microsoft Exchange 2000 Server Service Pack 3.