Socket bind error Port 80, tomcat and iis coexistence
satya - Tuesday, June 21, 2011 10:06:36 AM
Problem
I am trying to install tomcat 6 on windows 2008 server that also has IIS 7.0. (I have notes later how can one tell the version of windows and iis on your server).
I was able to install the tomcat service by disabling the UAC (User access control) temporarily during installation of the service.
However when I try to run the tomcat service I am getting an error that says the socket bind failed with error 730013. Ofcourse the error doesnt' tell me which port it failed for. This port turned out to be port 80.
What followed then was a search for two days to figure out what was going on and how to make IIS and anything else on that box perhaps that claims port 80 and tomcat.
The possible culpritns are quite an array.
satya - Tuesday, June 21, 2011 10:07:43 AM
what is the exact error: 730013
java.lang.Exception: Socket bind failed: [730013]
An attempt was made to access a socket in a way forbidden
by its access permissions.
at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:647)
satya - Tuesday, June 21, 2011 10:09:17 AM
use netstat command to figure out who is using your socket
netstat -a -b -o > test.txt
notepad test.txt
satya - Tuesday, June 21, 2011 10:12:38 AM
your output will look like
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:80 JDServer:0 LISTENING 4
Can not obtain ownership information
TCP 66.xxx.xx.xxx:49195 JDServer:49367 ESTABLISHED 1708
[hMailServer.exe]
satya - Tuesday, June 21, 2011 10:15:25 AM
The problem here
If you notice the port 80 is being listened to by someone with PID 4 on ALL ip addresses. That is the problem. Ideally it should look like the second item where hMailServer.exe is nicely listening on a single ip address.
In IIS this feature is called socket pooling. In windows 2008 and IIS 7 this seem to happen even if you figure out a way to disable socket pooling.
The goal of this exercise is to tell IIS not to do that and be nice.
satya - Tuesday, June 21, 2011 10:24:18 AM
If you are in a hurry this single link from MSDK should do it
If you are in a hurry this single link from MSDK should do it
the solution is specific to each version of windows server. This applies to windows 2008 server and IIS 7.
The title of the article is
IIS binds to all IP addresses on a server when you install IIS 7.0 on Windows Server 2008
satya - Tuesday, June 21, 2011 10:26:24 AM
Summary of the solution
use netstat to see if port 80 is hogged
use netsh http add iplisten <your ip1>
use netsh http show iplisten (to show your list of ips)
use net stop http
use net start http
use net start w3svc
use netstat again to see if port 80 is not hogged
satya - Tuesday, June 21, 2011 10:27:23 AM
This solution has been tested for
windows 2008 server 64 bit
IIS 7
Tomcat 6/64 bit
satya - Tuesday, June 21, 2011 10:28:22 AM
How do I know windows server version?
got to Start
type winver
enter
This will bring up a popup identifying your windows server version
satya - Tuesday, June 21, 2011 10:29:00 AM
How do I know my IIS version
Go to start
type iis
you will see iis manager app
click on it to open and see
satya - Tuesday, June 21, 2011 10:29:50 AM
what windows command line tools are useful in solving the problem
netstat
netsh
net
satya - Tuesday, June 21, 2011 10:33:18 AM
How do you know what process is hogging port 80
netstat will show you which PID (process id) is holding on to port 80. However as is teh case here the PID of 4 indicates that it is the windows system kernel. So you will not know.
Possible suggested candidates on the web are
SQLServer Reporting Solution
Windows Remote Management Service (ws-management)
winrs, winrm etc.
Both of these are installed as services. You may want to turn them to manual from automatic (or automatic with delay).
Do this as a last resort to see if they are the ones holding port 80 on all ips.
satya - Tuesday, June 21, 2011 10:35:38 AM
Google Keywords
IIS Tomcat coexistence
disable socket pooling for IIS
730012 socket bindign error IIS Tomcat service
netsh iplisten windows 2008 IIS port 80
IIS hogging port 80
satya - Tuesday, June 21, 2011 10:37:21 AM
How do I see tomcat service log files?
\tomcat\logs\*.log
you will see stdout, stderr, and catalina logs. All these are accumulated and kept for each day. Especially the catalina log will tell you the socket bind errors during service startup.
satya - Tuesday, June 21, 2011 10:39:28 AM
Should I disable windows firewall to debug this?
The socket bind is not impacted by the windows firewall. The firewall comes into play after the socket bind completes when the traffic is hitting your site. This is when you need to open up the ports 80, 443, (and may be 8005- depending on tomcat releases and your server.xml file) for tomcat6.exe
satya - Tuesday, June 21, 2011 10:40:10 AM
How do I access windows firewall
go to start
type
windows firewall
you will see
windows firewall with advanced security
satya - Tuesday, June 21, 2011 10:44:12 AM
You only need to set up single inbound rule
new port rule
applies to all domains
ports: 80, 443, 8005
program: \tomcat\bin\tomcat6.exe
service: Apache Tomcat 6
The name of the service and the name of the tomcat executable could vary based on which version of tomcat you are using and how you setup your service.
satya - Tuesday, June 21, 2011 10:46:20 AM
what should be the user for the tomcat service
when tomcat set this up as part of installation it set it up as "Local System". This is one of the highest priorities. So dont' worry about not having access to parts of your system. You have full access. You may want to lower this based on your security needs.
satya - Tuesday, June 21, 2011 10:48:09 AM
here is the nestat output when tomcat is waiting on port 80
TCP 66.xxx.xx.xxx:80 JDServer:0 LISTENING 2976
[tomcat6.exe]
satya - Tuesday, June 21, 2011 10:51:31 AM
Some Installation notes on Tomcat 6 32/64 bit conflicts
Some Installation notes on Tomcat 6 32/64 bit conflicts
As time goes by it is unlikely you will run into this where you are trying to use 32bit tomcat on a 64 bit machine due to some constraints on 32bit and 64bit drivers to your data sources. This will go away as soon as you have a 64 bit driver.
But if you need it this research at this link will help
satya - Tuesday, June 21, 2011 10:54:04 AM
Here is my previous research notes on windows firewalls
satya - Tuesday, June 21, 2011 10:58:29 AM
Here is how you disable socket pooling on windows 2003 server
Here is how you disable socket pooling on windows 2003 server
In brief
At a command prompt, switch to the
"C:\InetPub\AdminScripts" folder.
Type the following command:
CSCRIPT ADSUTIL.VBS SET W3SVC/DisableSocketPooling TRUE
satya - Tuesday, June 21, 2011 11:03:49 AM
Here is a similar solution suggested for win 2003 with httpconfig tool
Here is a similar solution suggested for win 2003 with httpconfig tool
satya - Tuesday, June 21, 2011 11:04:54 AM
Here is a broader discussion that is useful
Here is a broader discussion that is useful
There are lot of adds on this link. Unless you are curious you don't need to read this. But it goes into a bit more depth on how to use multiple ips on a machine.
satya - Tuesday, June 21, 2011 11:07:43 AM
Here is a case where IIS is not there but 80 is still hogged
Here is a case where IIS is not there but 80 is still hogged
This link blames windows remote management services and suggests to change the service startup to manual to see if this is the culprit and if it is look around to see how to configur these soap based windows management services to use a different port if possible.
looks like the 2.0 release of these winrm suite uses a different port.
satya - Tuesday, June 21, 2011 11:10:01 AM
Dive deep into windows winrm and winrs
Dive deep into windows winrm and winrs
This is really cool link that explores remote windows management through command line tools.
The site seem to be dedicated to windows networking which could prove to be very useful.
satya - Tuesday, June 21, 2011 11:10:59 AM
msdn source for windows remote management
satya - Tuesday, June 21, 2011 11:12:41 AM
SQL Reporting services and port 80 conflict
SQL Reporting services and port 80 conflict
This talks about the story behind how SQL Server Reporting services installation could conflict with IIS and hence with Tomcat as well. Installers of this software at least should be aware of these implications.
satya - Tuesday, June 21, 2011 11:32:15 AM
It pays to understand nestat command better
It pays to understand nestat command better
Use this link to understand netstat command better.