Hi,

a customer had the problem that he disables the IIS service (w3svc) but Windows still listens at port 443.

D:\> sc query w3svc
SERVICE_NAME: w3svc
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 1  STOPPED
D:\> netstat -an|findstr /i 443
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING

This could occur because multiple services/processes can listen to port 80/443 and the w3svc service does not use it exclusivly.

The http.sys driver handles those connections and can configured with the netsh http command.

In this case

netsh http>show servicestate

Snapshot of HTTP service state (Server Session View):
-----------------------------------------------------

Server session ID: FF00000020000001
    Version: 2.0
    State: Active
    Properties:
        Max bandwidth: 4294967295
        Timeouts:
            Entity body timeout (secs): 120
            Drain entity body timeout (secs): 120
            Request queue timeout (secs): 120
            Idle connection timeout (secs): 120
            Header wait timeout (secs): 120
            Minimum send rate (bytes/sec): 150
    URL groups:
    URL group ID: FE00000040000001
        State: Active
        Request queue name: Request queue is unnamed.
        Properties:
            Max bandwidth: 4294967295
            Max connections: 4294967295
            Timeouts:
                Timeout values inherited
            Number of registered URLs: 1
            Registered URLs:
                HTTPS://+:443/KDCPROXY/

the KDC Proxy Server service also uses Port 443. So i stopped the service and the listing port was closed

D:\> sc stop KPSSVC
D:\> netstat -an|findstr /i 443

The parameter view=requestq shows the associated process id

D:\> netsh http show servicestate view=requestq

Michael