IIS 503 "Service Unavailable" over HTTPS, HTTP works fine

Question

I have a web site running in IIS 7.5. When I access the site over HTTP, everything works fine. When I run the site over HTTPS, I immediately get an HTTP 503 error "Service Unavailable". The SSL certificate used on the site self-generated/self-signed.

Here are the solutions that I've seen for similar problems that do not apply to this scenario:

• User identity is outdated
  • Reason: The same App Pool that runs successfully under HTTP is used with HTTPS
• App pool user's password changed
  • Reason: The same App Pool that runs successfully under HTTP is used with HTTPS
• Set "Load User Profile" to false
  • Reason: This is already set to false. Again, the same App Pool that runs successfully under HTTP is used with HTTPS
• .NET regiis
  • Reason: Site/.NET already runs successfully over HTTP, and the site never appears to hit the .NET code as the 503 error comes back immediately, even after an IIS reset, or web.config modification
• Restart IIS
  • Reason: I tried this
• Restart app pool
  • Reason: I tried this
• Site > Advanced Settings > Enabled Protocols > http, https
  • Reason: I tried this

Answer 1

I had a similar issue getting "503 “Service Unavailable”" over HTTPS, HTTP when I checked the console in Firefox. Everything looked fine on the IIS side: SSL certificate, ports, site running, etc. I checked the modem port and realized it required port 443 forwarding enabled. Only port 80 was forwarding. But because I was using a modem branded CenturyLink, the router's Remote GUI Management was using the port.

Lesson learned, if you are using a router branded by CenturyLink or other company that does the same, maybe the same applies. Per the answer here in this link, do:

Common error: "The defined port or port range is in use by another port forwarding or application rule."

If Port 443 is already taken by the router's Remote GUI Management. To free up that port:

1. Log in to the WiFi router.
2. Go into the Advanced section.
3. Click on Remote GUI on the left side menu under Remote Management.
4. Enable Remote GUI and change the port to something other than 443 (such as 4433), then Save.
5. Disable Remote GUI if you don't want it enabled, then Save.

Conclusion:

This solved my issue of "503 “Service Unavailable”" over HTTPS. Port 443 requires to be enabled.

Answer 2

The commenter Chad Cothern on this blog had the answer and linked to this Microsoft Blog by BretB. The problem in this case is that everything on port 443 has been reserved and "prevents W3SVC from obtaining the rights to listen on port 80 when it tries to start the site. Furthermore, applications that run in IIS do not need explicit reservations to run, only non-IIS applications have to reserve a URL namespace if they want to use HTTP to listen for requests."

Here are the steps to determine if this is the problem and how to resolve:

1. Open the Command Prompt
2. Run: netsh http show urlacl url=https://+:443/
3. If something is there, then this is your problem. Port 443 is completely reserved and is blocking IIS.
   • If there is a need to reserve port 443 for an application running outside of IIS, it needs to be registered with an application path (i.e. http://+:443/appPath)
   • If there is nothing there, then this might not be the issue. No need to continue.
4. Run: netsh http delete urlacl https://+:443/
5. Try running your application again.

Note, that you can also check port 80, or any other port using this method. For instance if port 80 is reserved and 443 is not, then the site over HTTPS would work, while HTTP would not.