Socket bind error Port 80, tomcat and iis coexistence

Socket bind error Port 80, tomcat and iis coexistence

I am trying to install tomcat 6 on windows 2008 server that also has IIS 7.0. (I have notes later how can one tell the version of windows and iis on your server).

I was able to install the tomcat service by disabling the UAC (User access control) temporarily during installation of the service.

However when I try to run the tomcat service I am getting an error that says the socket bind failed with error 730013. Ofcourse the error doesnt' tell me which port it failed for. This port turned out to be port 80.

What followed then was a search for two days to figure out what was going on and how to make IIS and anything else on that box perhaps that claims port 80 and tomcat.

The possible culpritns are quite an array. 


java.lang.Exception: Socket bind failed: [730013] 
An attempt was made to access a socket in a way forbidden 
by its access permissions.  
at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:647)


netstat -a -b -o > test.txt
notepad test.txt


Active Connections

Proto  Local Address          Foreign Address        State           PID
TCP    0.0.0.0:80             JDServer:0             LISTENING       4
Can not obtain ownership information

TCP    66.xxx.xx.xxx:49195    JDServer:49367         ESTABLISHED     1708
[hMailServer.exe]

If you notice the port 80 is being listened to by someone with PID 4 on ALL ip addresses. That is the problem. Ideally it should look like the second item where hMailServer.exe is nicely listening on a single ip address.

In IIS this feature is called socket pooling. In windows 2008 and IIS 7 this seem to happen even if you figure out a way to disable socket pooling.

The goal of this exercise is to tell IIS not to do that and be nice.

If you are in a hurry this single link from MSDK should do it

the solution is specific to each version of windows server. This applies to windows 2008 server and IIS 7.

The title of the article is

IIS binds to all IP addresses on a server when you install IIS 7.0 on Windows Server 2008 


use netstat to see if port 80 is hogged

use netsh http add iplisten <your ip1>
use netsh http show iplisten (to show your list of ips)
use net stop http
use net start http
use net start w3svc

use netstat again to see if port 80 is not hogged


windows 2008 server 64 bit
IIS 7
Tomcat 6/64 bit


got to Start
type winver
enter

This will bring up a popup identifying your windows server version 


Go to start
type iis
you will see iis manager app
click on it to open and see


netstat
netsh
net

netstat will show you which PID (process id) is holding on to port 80. However as is teh case here the PID of 4 indicates that it is the windows system kernel. So you will not know.

Possible suggested candidates on the web are 


SQLServer Reporting Solution
Windows Remote Management Service (ws-management)
  winrs, winrm etc.

Both of these are installed as services. You may want to turn them to manual from automatic (or automatic with delay).

Do this as a last resort to see if they are the ones holding port 80 on all ips. 


IIS Tomcat coexistence
disable socket pooling for IIS
730012 socket bindign error IIS Tomcat service
netsh iplisten windows 2008 IIS port 80
IIS hogging port 80


\tomcat\logs\*.log

you will see stdout, stderr, and catalina logs. All these are accumulated and kept for each day. Especially the catalina log will tell you the socket bind errors during service startup.

The socket bind is not impacted by the windows firewall. The firewall comes into play after the socket bind completes when the traffic is hitting your site. This is when you need to open up the ports 80, 443, (and may be 8005- depending on tomcat releases and your server.xml file) for tomcat6.exe 


go to start
type
  windows firewall
you will see
  windows firewall with advanced security


new port rule
applies to all domains
ports: 80, 443, 8005
program: \tomcat\bin\tomcat6.exe
service: Apache Tomcat 6

The name of the service and the name of the tomcat executable could vary based on which version of tomcat you are using and how you setup your service.

when tomcat set this up as part of installation it set it up as "Local System". This is one of the highest priorities. So dont' worry about not having access to parts of your system. You have full access. You may want to lower this based on your security needs. 


TCP    66.xxx.xx.xxx:80       JDServer:0             LISTENING       2976
[tomcat6.exe]

Some Installation notes on Tomcat 6 32/64 bit conflicts

As time goes by it is unlikely you will run into this where you are trying to use 32bit tomcat on a 64 bit machine due to some constraints on 32bit and 64bit drivers to your data sources. This will go away as soon as you have a 64 bit driver.

But if you need it this research at this link will help

Here is my previous research notes on windows firewalls

Here is how you disable socket pooling on windows 2003 server

In brief 


At a command prompt, switch to the 
"C:\InetPub\AdminScripts" folder.

Type the following command:
CSCRIPT ADSUTIL.VBS SET W3SVC/DisableSocketPooling TRUE

Here is a similar solution suggested for win 2003 with httpconfig tool

Here is a broader discussion that is useful

There are lot of adds on this link. Unless you are curious you don't need to read this. But it goes into a bit more depth on how to use multiple ips on a machine.

Here is a case where IIS is not there but 80 is still hogged

This link blames windows remote management services and suggests to change the service startup to manual to see if this is the culprit and if it is look around to see how to configur these soap based windows management services to use a different port if possible.

looks like the 2.0 release of these winrm suite uses a different port.

Dive deep into windows winrm and winrs

This is really cool link that explores remote windows management through command line tools.

The site seem to be dedicated to windows networking which could prove to be very useful.

msdn source for windows remote management

SQL Reporting services and port 80 conflict

This talks about the story behind how SQL Server Reporting services installation could conflict with IIS and hence with Tomcat as well. Installers of this software at least should be aware of these implications.

It pays to understand nestat command better

Use this link to understand netstat command better.