satya - Tuesday, June 21, 2011 10:06:36 AM

Problem

I am trying to install tomcat 6 on windows 2008 server that also has IIS 7.0. (I have notes later how can one tell the version of windows and iis on your server).

I was able to install the tomcat service by disabling the UAC (User access control) temporarily during installation of the service.

However when I try to run the tomcat service I am getting an error that says the socket bind failed with error 730013. Ofcourse the error doesnt' tell me which port it failed for. This port turned out to be port 80.

What followed then was a search for two days to figure out what was going on and how to make IIS and anything else on that box perhaps that claims port 80 and tomcat.

The possible culpritns are quite an array.

satya - Tuesday, June 21, 2011 10:07:43 AM

what is the exact error: 730013


java.lang.Exception: Socket bind failed: [730013] 
An attempt was made to access a socket in a way forbidden 
by its access permissions.  
at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:647)

satya - Tuesday, June 21, 2011 10:09:17 AM

use netstat command to figure out who is using your socket


netstat -a -b -o > test.txt
notepad test.txt

satya - Tuesday, June 21, 2011 10:12:38 AM

your output will look like


Active Connections

Proto  Local Address          Foreign Address        State           PID
TCP    0.0.0.0:80             JDServer:0             LISTENING       4
Can not obtain ownership information

TCP    66.xxx.xx.xxx:49195    JDServer:49367         ESTABLISHED     1708
[hMailServer.exe]

satya - Tuesday, June 21, 2011 10:15:25 AM

The problem here

If you notice the port 80 is being listened to by someone with PID 4 on ALL ip addresses. That is the problem. Ideally it should look like the second item where hMailServer.exe is nicely listening on a single ip address.

In IIS this feature is called socket pooling. In windows 2008 and IIS 7 this seem to happen even if you figure out a way to disable socket pooling.

The goal of this exercise is to tell IIS not to do that and be nice.

satya - Tuesday, June 21, 2011 10:24:18 AM

If you are in a hurry this single link from MSDK should do it

the solution is specific to each version of windows server. This applies to windows 2008 server and IIS 7.

The title of the article is

IIS binds to all IP addresses on a server when you install IIS 7.0 on Windows Server 2008

satya - Tuesday, June 21, 2011 10:26:24 AM

Summary of the solution


use netstat to see if port 80 is hogged

use netsh http add iplisten <your ip1>
use netsh http show iplisten (to show your list of ips)
use net stop http
use net start http
use net start w3svc

use netstat again to see if port 80 is not hogged

satya - Tuesday, June 21, 2011 10:27:23 AM

This solution has been tested for


windows 2008 server 64 bit
IIS 7
Tomcat 6/64 bit

satya - Tuesday, June 21, 2011 10:28:22 AM

How do I know windows server version?


got to Start
type winver
enter

This will bring up a popup identifying your windows server version

satya - Tuesday, June 21, 2011 10:29:00 AM

How do I know my IIS version


Go to start
type iis
you will see iis manager app
click on it to open and see

satya - Tuesday, June 21, 2011 10:29:50 AM

what windows command line tools are useful in solving the problem


netstat
netsh
net

satya - Tuesday, June 21, 2011 10:33:18 AM

How do you know what process is hogging port 80

netstat will show you which PID (process id) is holding on to port 80. However as is teh case here the PID of 4 indicates that it is the windows system kernel. So you will not know.

Possible suggested candidates on the web are


SQLServer Reporting Solution
Windows Remote Management Service (ws-management)
  winrs, winrm etc.

Both of these are installed as services. You may want to turn them to manual from automatic (or automatic with delay).

Do this as a last resort to see if they are the ones holding port 80 on all ips.

satya - Tuesday, June 21, 2011 10:35:38 AM

Google Keywords


IIS Tomcat coexistence
disable socket pooling for IIS
730012 socket bindign error IIS Tomcat service
netsh iplisten windows 2008 IIS port 80
IIS hogging port 80

satya - Tuesday, June 21, 2011 10:37:21 AM

How do I see tomcat service log files?


\tomcat\logs\*.log

you will see stdout, stderr, and catalina logs. All these are accumulated and kept for each day. Especially the catalina log will tell you the socket bind errors during service startup.

satya - Tuesday, June 21, 2011 10:39:28 AM

Should I disable windows firewall to debug this?

The socket bind is not impacted by the windows firewall. The firewall comes into play after the socket bind completes when the traffic is hitting your site. This is when you need to open up the ports 80, 443, (and may be 8005- depending on tomcat releases and your server.xml file) for tomcat6.exe

satya - Tuesday, June 21, 2011 10:40:10 AM

How do I access windows firewall


go to start
type
  windows firewall
you will see
  windows firewall with advanced security

satya - Tuesday, June 21, 2011 10:44:12 AM

You only need to set up single inbound rule


new port rule
applies to all domains
ports: 80, 443, 8005
program: \tomcat\bin\tomcat6.exe
service: Apache Tomcat 6

The name of the service and the name of the tomcat executable could vary based on which version of tomcat you are using and how you setup your service.

satya - Tuesday, June 21, 2011 10:46:20 AM

what should be the user for the tomcat service

when tomcat set this up as part of installation it set it up as "Local System". This is one of the highest priorities. So dont' worry about not having access to parts of your system. You have full access. You may want to lower this based on your security needs.

satya - Tuesday, June 21, 2011 10:48:09 AM

here is the nestat output when tomcat is waiting on port 80


TCP    66.xxx.xx.xxx:80       JDServer:0             LISTENING       2976
[tomcat6.exe]

satya - Tuesday, June 21, 2011 10:51:31 AM

Some Installation notes on Tomcat 6 32/64 bit conflicts

As time goes by it is unlikely you will run into this where you are trying to use 32bit tomcat on a 64 bit machine due to some constraints on 32bit and 64bit drivers to your data sources. This will go away as soon as you have a 64 bit driver.

But if you need it this research at this link will help

satya - Tuesday, June 21, 2011 10:54:04 AM

Here is my previous research notes on windows firewalls

satya - Tuesday, June 21, 2011 10:58:29 AM

Here is how you disable socket pooling on windows 2003 server

In brief


At a command prompt, switch to the 
"C:\InetPub\AdminScripts" folder.

Type the following command:
CSCRIPT ADSUTIL.VBS SET W3SVC/DisableSocketPooling TRUE

satya - Tuesday, June 21, 2011 11:03:49 AM

Here is a similar solution suggested for win 2003 with httpconfig tool

satya - Tuesday, June 21, 2011 11:04:54 AM

Here is a broader discussion that is useful

There are lot of adds on this link. Unless you are curious you don't need to read this. But it goes into a bit more depth on how to use multiple ips on a machine.

satya - Tuesday, June 21, 2011 11:07:43 AM

Here is a case where IIS is not there but 80 is still hogged

This link blames windows remote management services and suggests to change the service startup to manual to see if this is the culprit and if it is look around to see how to configur these soap based windows management services to use a different port if possible.

looks like the 2.0 release of these winrm suite uses a different port.

satya - Tuesday, June 21, 2011 11:10:01 AM

Dive deep into windows winrm and winrs

This is really cool link that explores remote windows management through command line tools.

The site seem to be dedicated to windows networking which could prove to be very useful.

satya - Tuesday, June 21, 2011 11:10:59 AM

msdn source for windows remote management

satya - Tuesday, June 21, 2011 11:12:41 AM

SQL Reporting services and port 80 conflict

This talks about the story behind how SQL Server Reporting services installation could conflict with IIS and hence with Tomcat as well. Installers of this software at least should be aware of these implications.

satya - Tuesday, June 21, 2011 11:32:15 AM

It pays to understand nestat command better

Use this link to understand netstat command better.