You use Microsoft Internet Explorer to view a Web page on a computer that is running Microsoft Windows Server 2003 or Microsoft Windows XP. When you do this, Internet Explorer generates an error message that states that the page cannot be displayed.

This problem may occur if the following conditions are true:

• Internet Explorer uses the connect command to post data, to obtain data, or to set up an HTTPS connection.
• The Web server issues a Secure Sockets Layer (SSL) 3.0 closure alert at the same time that the port is closed on the server.

The closure alert is sent by the server to Internet Explorer as a zero-byte encrypted packet. However, the complete closure message is sent in two different packets. The server sends only the first packet.

Typically, the first closure alert packet includes the ".AP..." (Ack Push) TCP flags to instruct the program that the SSL 3.0 session is closing. A second packet includes the ".A...F" (Ack Fin) TCP flags to instruct the TCP layer to close the port on the client computer.

Because the RESET and FIN TCP flags are not set when the closure alert arrives in the first packet, the Wininet.dll process on the client computer that is running Internet Explorer cannot verify that the packet is not program data. Therefore, the keep-alive port is left open on the client computer until the next Socket Receive call is sent by the client computer. Because Internet Explorer has two keep-alive ports that are open to the server, the retry count is equal to two on the client computer.

The Socket Receive call occurs on the client after it tries to send data on the first keep-alive port. When the Socket Receive call occurs, the SSL 3.0 closure alert is processed. Then, the TCP closure is processed on the client. This step closes the first keep-alive port.

Because the retry count is now one, the client tries to resend data on the second keep-alive port. However, this port has also been closed on the server. When the Socket Receive call occurs on the client, the SSL 3.0 closure alert is processed. Then, the TCP closure is processed. The retry count is now zero. Therefore, the error message is generated that states that the page cannot be displayed.

Security update information

To resolve this problem, install the most current cumulative security update for Internet Explorer. To install the most current updates, visit the following Microsoft Web site: For more technical information about the most current cumulative security update for Internet Explorer, visit the following Microsoft Web site: Note This update was first included in security update 942615 (MS07-069).

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

Windows Server 2003 hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site: Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

No prerequisites are required.

Restart requirement

You must restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace any other hotfixes.

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

How to enable the hotfix

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

After you install this hotfix, you must modify the registry to enable the hotfix. To enable the hotfix, follow these steps:

1. Click Start, click Run, type regedit, and then click OK.
2. Locate and then right-click the following subkey:
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
3. Point to New, and then click Key.
4. Type FEATURE_HANDLE_SSL_CLOSE_NOTIFY_KB921090, and then press ENTER to name the new key.
5. Right-click FEATURE_HANDLE_SSL_CLOSE_NOTIFY_KB921090, point to New, and then click DWORD Value.
6. Type iexplore.exe, and then press ENTER to name the value.
7. Right-click iexplore.exe, and then click Modify.
8. In the Value data box, type 00000001, and then click OK.
9. Exit Registry Editor.

Windows XP hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site: Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

To install this hotfix, you must install Windows XP Service Pack 2.

Restart requirement

You must restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace any other hotfixes.

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

How to enable the hotfix

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

After you install this hotfix, you must modify the registry to enable the hotfix. To enable the hotfix, follow these steps:

1. Click Start, click Run, type regedit, and then click OK.
2. Locate and then right-click the following subkey:
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
3. Point to New, and then click Key.
4. Type FEATURE_HANDLE_SSL_CLOSE_NOTIFY_KB921090, and then press ENTER to name the new key.
5. Right-click FEATURE_HANDLE_SSL_CLOSE_NOTIFY_KB921090, point to New, and then click DWORD Value.
6. Type iexplore.exe, and then press ENTER to name the value.
7. Right-click iexplore.exe, and then click Modify.
8. In the Value data box, type 00000001, and then click OK.
9. Exit Registry Editor.

To work around this problem, use one of the following methods:

• Disable SSL 3.0 closure alerts at the server.
• Change the keep-alive time-out setting from 30 seconds to 300 seconds.

For more information about how to configure the keep-alive time-out setting, click the following article number to view the article in the Microsoft Knowledge Base:

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

For more information, click the following article number to view the article in the Microsoft Knowledge Base: