You may not be able to log on to a Web site or complete an
Internet transaction after you install the 832894 (MS04-004) security update.
For example, when you submit your user name and password to an SSL-secured Web
site by using a form on a HTTPS Web page, you may receive an HTTP 500 (Internal
Server Error) Web page.
This problem may occur after you apply the 832894 security
update (MS04-004) or the 821814 hotfix on a computer that runs Microsoft
Windows XP, Windows 2000, Windows NT 4.0, Windows Millennium Edition, or
For additional information about these
software updates, click the following article number to view the article in the
Microsoft Knowledge Base:
MS04-004: Cumulative security update for Internet Explorer
You receive a "page cannot be displayed" error message when you post to a site that requires authentication
The 832894 security update (MS04-004) and the 821814
hotfix change how the Internet extensions for Windows (Wininet.dll) retries
POST requests when a Web server resets the connection. Programs that use
Windows Internet (Wininet) application programming interface (API) functions to
post data (such as a user name or a password) to a Web server retry the POST
request without including the POST data if the Web server closes (or resets)
the initial connection request.Note
A POST request does not include POST data if its content length
is set to 0 or is empty.
Sometimes, this behavior prevents another
reset and permits authentication to complete. However, you may receive an HTTP
500 (Internal server error) Web page if the Web server must have the POST data
included when Wininet retries the POST request.
To download and to install this update, visit the Microsoft
Windows Update Web site, and then install critical update 831167:
Administrators can download this update from the Microsoft
Download Center or from the Microsoft Windows Update Catalog to deploy to
multiple computers. If you want to install this update later on one or more
computers, search for this article ID number by using the Advanced Search
Options feature in the Windows Update Catalog.
For more information about how to download
updates from the Windows Update Catalog, click the following article number to view the article in the Microsoft Knowledge Base:
How to download updates that include drivers and hotfixes from the Windows Update Catalog
The following files are available for download from the Microsoft
the Q831167.exe (32-bit) package now.
Collapse this imageExpand this image
the Q831167.exe (64-bit) package now.
Collapse this imageExpand this image
Release Date: February 12, 2004
information about how to download Microsoft Support files, click the following
article number to view the article in the Microsoft Knowledge Base:
How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most
current virus-detection software that was available on the date that the file
was posted. The file is stored on security-enhanced servers that help to
prevent any unauthorized changes to the file.
To install this update, you must be running Internet Explorer 6
SP1 (version 6.00.2800.1106) on one of the following versions of Windows:
- Microsoft Windows XP Service Pack 1
- Microsoft Windows XP 64-Bit Edition, Service Pack 1
- Microsoft Windows XP
- Microsoft Windows 2000 Service Pack 2, Service Pack 3,
Service Pack 4
- Microsoft Windows NT Workstation, Server, and Terminal
Server Edition 4.0 Service Pack 6a
- Microsoft Windows 98
- Microsoft Windows 98 Second Edition
- Microsoft Windows Millennium Edition
Because the 832894 (MS04-004) security update supports Windows
98, Windows 98 Second Edition, Windows Millennium Edition, and Windows 2000
SP2, this update will be also be supported on those operating systems.
You must restart your computer after you apply this update.
Update replacement information
This update replaces 821814 for Windows XP, Windows 2000, Windows
NT 4.0, Windows Millennium Edition, Windows 98 Second Edition, and Windows
This update does not replace 821814 for Windows Server 2003
because the problem that is described in this article does not occur on Windows
Server 2003-based computers.
The packages for this update support the following Setup switches:
- /q : Use Quiet mode or suppress messages when the files are being
- /q:u : Use User-Quiet mode. User-Quiet mode presents some dialog boxes
to the user.
- /q:a Use Administrator-Quiet mode. Administrator-Quiet mode does not
present any dialog boxes to the user.
path Specify the location of the temporary folder that is used by
Setup or the target folder for extracting files (when using /c).
- /c Extract the files without installing them. If
path is not specified, you are prompted for a target folder.
path Specify the path and the name of the Setup .inf file or the .exe
- /r:n Never restart the computer after installation.
- /r:i Prompt the user to restart the computer if a restart is required,
except when this switch is used with the /q:a switch.
- /r:a Always restart the computer after installation.
- /r:s Restart the computer after installation without prompting the
- /n:v Do not check version. Use this switch with caution to install the
update on any version of Internet Explorer.
For example, to install the update without any user
intervention and without a restart, use the following command:
q831167.exe /q:a /r:n
The English version of this update has the file
attributes (or later) that are listed in the following table. The dates and
times for these files are listed in coordinated universal time (UTC). When you
view the file information, it is converted to local time. To find the
difference between UTC and local time, use the Time Zone
in the Date and Time tool in Control Panel.
Date Time Version Size File name Platform
06-Feb-2004 18:05 6.0.2800.1405 588,288 Wininet.dll
07-Feb-2004 01:41 6.0.2800.1405 1,796,608 Wininet.dll IA-64
If you cannot apply the update that is discussed in the
Resolution section, you can use one of the following server-side actions to
work around the problem:
- Increase the HTTP keep-alive timeout interval on the Web
server or the proxy server. There is no setting in Microsoft Internet
Information Services (IIS) to control the keep-alive timeout other than the
Windows registry KeepAliveTime value. But with some Web servers and some proxy
servers, you can specify a connection expiration time. If you can specify a
connection expiration time in the Web server or the proxy server, increase the
keep-alive timeout interval. See your Web server documentation for the correct
setting name and value. The default keep-alive timeout value for Internet
Explorer is one minute (60 seconds). Therefore, you must use an HTTP keep-alive
timeout interval on the Web server or the proxy server that is greater than one
For additional information about the
Windows KeepAliveInterval parameter, the Windows KeepAliveTime parameter, and
the Internet Explorer KeepAliveTimeout parameter, click the following article
numbers to view the articles in the Microsoft Knowledge Base:
TCP/IP and NBT configuration parameters for Windows XP
TCP/IP and NBT configuration parameters for Windows 2000 or Windows NT
How to change the default keep-alive time-out value in Internet Explorer
- Disable the HTTP "keep alive connections" on the server.
For additional information, click
the following article number to view the article in the Microsoft Knowledge
HTTP keep-alive header sent whenever ASP buffering is enabled
Microsoft has confirmed that
this is a problem in Microsoft Internet Explorer 6.
This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
How to back up and restore the registry in Windows
After you apply the 831167 software update that is
described in this article, programs that use Wininet functions to post data to
a Web server will resend complete POST requests when a connection with a Web
server is reset.
To enable header-only post behavior, create a DWORD
value named SampleApp
is the name of the executable file that
runs the program. Set the DWORD value's value data to 1
in one of the following registry keys:
- For all users of the program, set the value in the
following registry key:
- For the current user of the program only, set the value in
the following registry key:
For example, to enable header-only post behavior in Internet
Explorer and in Windows Explorer, create DWORD values for Iexplore.exe and for
Explorer.exe in one of these registry keys, and then set their value data to 1
To enable header-only post behavior for all programs that use
Wininet functions to post data to a Web server, create a DWORD value named *
to the same registry key, and set the value's value data to 1