IIS 6 may stop responding after you install Microsoft update KB 973917

Aftermath update: The install regime of KB 973917 has been changed. More details here

In the last few days we have started seeing a new symptom appearing more and more often on IIS 6 servers. Here are the symptoms:

You are running Windows 2003 Server and you have IIS 6 installed and hosting your web-sites. The operating system prompts you to install Microsoft update KB 973917. After completing the install you note the following errors:

  • IIS application pools or websites will no longer start

  • IIS web-sites may not be able to start.

  • Rapid Fail Protection will shut down your application pools 

So what really happens?

NOT ALL IIS installs running on Windows 2003 will be impacted by this patch. YOU CAN INSTALL the patch and continue running IIS normally. The only case when the error occurs is the following:

You installed Windows 2003 and you did not install IIS 6 when you did this. You then installed Service Pack 1 or Service Pack 2 directly and afterwards you decided to install IIS. When installing IIS you were prompted to insert the original installation disk (not the Service Pack 1 disk or the Service Pack 2 disk).

If you followed the scenario above, you will most likely end up with what is called a binary mismatch between the operating system dlls and the dlls that belong to IIS. In plain English: your Windows 2003 files are those of Service Pack 2 and your IIS files are those of Service Pack 1 or RTM.

How can you verify that you are in this scenario?

In a Windows 2003 command prompt, type the following command:


This will show you the Windows 2003 version that you are running and the patch level. You should see that the operating system is patched to Service Pack 2. If you are not, you should seriously consider upgrading since Service Pack 1 of Windows 2003 is no longer supported.

If you are running service pack 2, then go ahead and check the version of an IIS 6 file. An easy one is iisutil.dll which is located in the following folder: %windir%\system32\inetsrv. Once you find the file, click on it suing the right mouse button to get the property window of the file. Look at the Version tab of the Window. Should you have a version of this file that has 0 (zero) after the last decimal point, or a version lower than 3000, you have a binary mismatch. The current version of the file is the following:


What goes on behind the scenes?

The latest Microsoft update for Windows 2003 server updates the w3core.dll. This new version of the file will try and call an API located in iisutil.dll. The invoked API will only be found in the iisutil.dll that is installed by the Service Pack 2 of Windows 2003. If you installed IIS 6 after having installed Windows 2003 Service Pack 2, it is very possible, that the installer used the RTM or Service Pack 1 version of the dll, in which the API is not present. Thus the call fails.

Solution to this:

Should you find yourself in this situation, and only after you confirm the symptoms, you should go ahead and re-install the Service Pack 2 from Windows 2003. To download the Service Pack you can go to:


You do not need to un-install and re-install Service Pack 2, just re-install it. Upon install, the Service Pack installer will make a list of all Windows components that are installed on your system (including IIS) and will update their binaries. Thus iisutil.dll will be updated and the problem will be fixed.

by: Paul Cociuba - Senior Support Engineer on the IIS Team 


Comments (5)
  1. JVILLAGA says:

    "…you were prompted to insert the original installation disk (not the Service Pack 1 disk or the Service Pack 2 disk)."

    So is this a bug?  Should I presume this means one is supposed to use the SP1 or SP2 disk when prompted for the "origianl installation disk"?  Does it always "prompt" or will it simply use the original installation path for the files?

    Sorry, this is confusing to me…and it recently bit me!

  2. Well,

    The idea is like this: if you start with a Windows 2003 setup, you can pick and choose the Windows components that you want as part of your Windows install. IIS is one of the components, but is an optional component. The same is true if you start off with an install that is slip streamed with Service Pack 1 or Service Pack 2.

    When install a new service pack for windows, the installer will go through only the installed component list: so if you do not have IIS installed when installing SP1 or SP2 it will not be updated.

    When you decide to install IIS prior to the install of the service pack, the installer will prompt for the original installation disk. This is by design – with the risk of sounding too official. There was no easy way around this.

    In Windows 2008, the Server Manager and Role Manager handle the possibility of binary mismatches between Windows components much more gracefully and exclude this scenario. In Windows 2003 this is a scenario you just need to be aware of.

    Hope this helps

  3. JVILLAGA says:

    Ok, that makes sense.

    One other thing, though.  If I install the SP (without IIS), then add IIS (using the original install disk), will windows/ms update offer the SP (in order to update the IIS component)?

    Thanks a lot for your assistance.


  4. Hello Again,

    If I understand the question correctly, then the answer is yes. Every service pack for a Windows OS (Win2k3 included) comes with updates for all Windows components. However, when the service pack is installed, it will only upgrade the binaries of existing components – since only those binaries are present on your hard drive. It cannot upgrade IIS if it is not there, because it would mean it would first install IIS and then upgrade it, which might not be what you want if your Windows 2003 server is just a file server.

    Re-installing a service pack will go through the process of inspecting the list of components that are installed once again, and thus components that were not installed during the last service pack installation will be patched as well.

    Moreover, for this particular case, you need a Service Pack 2 version of a file called IISUTIL.dll. If you already install the KB 973917, you need not uninstall, since this upgrade only patches w3core.dll. The service pack will patch the missing IISUTIL.dll and all will be well again.

  5. JVILLAGA says:

    Yes, I get it.

    I suppose if thought through, it is pretty logical (obvious?).

    Unfortunately, I did not inspect the logic prior to my recent upgrades.  Easily, fixed per above, though.

    Again, thanks for the help…


Comments are closed.

Skip to main content