17

I've got 6 identical machines running IIS and Apache. Today one of them decided to just stop serving requests. I can access all of the webapps when I try from localhost/resource but when I try from url/resource I get a 404. I did a Get request against the machine that isn't working and I get this back:

  • Server: Microsoft-HTTPAPI/2.0
  • Connection: close

Compared to a working server:

  • Server: Microsoft-IIS/8.5
  • X-Powered-By: ASP.NET
  • Content-Type: text/html

Tried searching for this problem but came up with nothing, anyone got any idea's?

DJT
  • 181
  • 1
  • 1
  • 5
  • Did you check host header configuration on IIS? – Pankaj Kapare Feb 09 '16 at 01:27
  • Kinda off topic here, but check your services to see if one has started that shouldn't be. http://stackoverflow.com/questions/2158432/wamp-port-80-busy – Kev Mar 25 '16 at 04:02
  • In my case the issue was that I've created IIS bindings to a specific IP address instead of "`*`". After binding to "`*`", everything worked as expected. – Uwe Keim May 26 '21 at 15:50

5 Answers5

19

Windows has an HTTP service that manages calls to IIS and other HTTP enabled services on a windows machine. Either you need to configure it to handle your calls, or, in the case of WAMP or similar non-IIS-web-server-on-windows scenarios you may just need to turn it off.

When you see "Microsoft-HttpApi/2.0" returning error, such as 400 "bad URL" or "bad header", etc. the problem is most likely because the HTTP.sys service is intercepting your http request and terminating it because it does not meet with the minimum validation rules that are configured.

This configuration is found in the registry at HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters. In my case, it was choking because I had a RESTful call that had a 400 character segment in the url which was 160 characters more than the default value of 260, so I

  1. added the registry parameter UrlSegmentMaxLength with a DWORD value of 512,
  2. stopped the service using net stop http
  3. started the service using net start http

I've run into these issues before and it is easy to troubleshoot but there is very little on the web that addresses it.

Try these links

neoscribe
  • 2,203
  • 1
  • 21
  • 18
10

A bit late, so put here for posterity ;-)

After trying all sorts of solutions found on the web, I almost gave up, but found this little nugget.

If the response's Server header returns Microsoft-HttpApi/2.0, it means that the HTTP.sys is being called, not IIS.

As a result, a lot of the workarounds will not work (URLScan, etc).

This worked however:

  1. Open regedit
  2. Navigate HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\
  3. If DisableServerHeader doesn't exist, create it (DWORD 32bit) and give it a value of 2. If it does exist, and the value isn't 2, set it to 2.
  4. Finally, restart the service by calling net stop http then net start http

src: WS/WCF: Remove Server Header

Set below registry flag to: 2 HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\DisableServerHeader

Setting this to 2 will ensure that self host WCF services no longer sends the SERVER header and thus ensure we are security compliant.
Please note that this disables ALL server headers.

The default value of 0 enables the header, and the value of 1 disables server header from DRIVER (http.sys), but app can still have headers.

For me I had to restart the server for the changes to take effect.

Hope this helps someone

Oram
  • 1,589
  • 2
  • 16
  • 22
VikarV
  • 141
  • 1
  • 7
1

I was working on our web app on a client's site and ran into an issue where the site root pages loaded, but the reports folder always returned a 404 for files that existed in the folder. The 404 page showed the .Net version of 2 when the application was set to 4, and a test of a non-existent page in the root returned a 404 page showing .Net 4.

I tried just http://localhost/reports and got back a Microsoft Reporting Services page. Not part of my application.

Be sure to check just the default document of the folder when a unexpected 404 comes up and the file exists.

Dave
  • 1,179
  • 12
  • 18
1

In my case, running Windows 10 Pro, it was the Windows MultiPoint Service.

By executing:

net stop wms

Port 80 was released.

José Luis Peña Jiménez
  • 11
  • 1
0

This question and series of replies helped me get to the bottom of the related issue I was having. My issue centered around using just a subdomain to go to our server (e.g. typing "www/somepath" into the browser while on our corporate network), which had worked in the past on an older server, but no longer worked when the system was upgraded to a new server. I saw the unexpected Microsoft-HttpApi/2.0 string in the header when using the Chrome Devtools to inspect the Network traffic.

My HTTP.sys process was already logging, so I could verify that my traffic was going to that service and returning 404 NotFound status codes.

My resolution was to add a binding to the IIS site for the subdomain, making IIS respond instead of the HTTP.sys process, as described in this server fault article - https://serverfault.com/questions/479274/why-is-microsoft-httpapi-returning-404-to-my-network-switch

Mark
  • 1,244
  • 1
  • 11
  • 15