IIS bindings keep being removed

I'm having a problem where the security certificate for a site is being periodically unbound from port 443 and replaced with another certificate which is sitting on the server. So whenever a user tries to access the site they are met with an 'untrusted' warning.

So when this first happened, I investigated and found the wrong certificate in place so I changed it back. This worked fine for a while but then it happened again. I checked the event logs and the following two warnings are fired:

SSL Certificate Settings deleted for endpoint : 0.0.0.0:443

SSL Certificate Settings created by an admin process for endpoint : 0.0.0.0:443

This happens once or twice a day, and I have to keep rebinding the correct certificate, and I haven't been able to find a solution yet.

The site is running on Windows Server 2012 / IIS 8.

According to a couple of online support forums/articles there was an old legacy setting in the ApplicationHost.config file which was supposed to cause this. All references to this that I found referred to a property in the 'customMetaData' section, the property had a specific Id (5506). I couldn't find this specific property anywhere in our ApplicationHost.config file on the server.

Has anyone encountered a similar issue? Or can anyone shed any light on potential causes of this? Having looked around online I'm finding it hard to find much related to my problem, but perhaps I'm not searching for the right thing...

Any advice on this issue would be greatly appreciated.

NOTE:

Have since realised that this happens at 13:00 each day; can't see any significant events occurring on the server that might trigger it, though...


2 Answers

Resolution: Locate the following property in the section of the applicationHost.config file, and delete it:

 <property dataType="Binary" userType="1" attributes="None" value="oXiHOzFAMOF0YxIuI7soWvDFEzg=" />

This property is a legacy feature from Internet Information Services (IIS) 6.0 and is no longer needed.

Link to MS Article

If the other answer (property id) doesn't work, follow these steps:

  • Check whether antivirus software is installed on the server, and look especially for a HIPS feature. Disable the antivirus and try to reproduce the issue.
  • Check whether the site is using a wildcard certificate. This issue occurs when the wildcard certificate has been imported without marking the keys as exportable. To solve it, uninstall the affected certificate and import it again with the keys marked as exportable.
  • Look for the System Center Virtual Machine Manager Agent on the server. If it is enabled, disable it and try to reproduce the issue (Reference).
  • Another process might be using port 443 on the server (example: Windows Admin Center; see this post: 503 Service Unavailable error related to Windows Admin Center).
  • Check whether insecure protocols are enabled. The registry settings are below. Disable these protocols if they are enabled and try to reproduce the issue.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client

Source: SSL Certificate Settings deleted for endpoint (Event ID 15300)
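
The checks mentioned in the question and in both answers can be gathered into one read-only triage script. This is an added example, not part of the original thread; it assumes an elevated PowerShell session on the affected server, the default applicationHost.config location, and that event ID 15301 is the "created" counterpart of 15300.

```powershell
# Added example: read-only triage for a 0.0.0.0:443 binding that keeps changing.
# Run from an elevated PowerShell session on the affected IIS server.
$endpoint = '0.0.0.0:443'

# 1. Timeline of binding changes from the System log. 15300 is the "deleted"
#    event cited above; 15301 as its paired "created" event is an assumption.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 15300, 15301 } `
              -ErrorAction SilentlyContinue |
          Where-Object { $_.Message -like "*$endpoint*" }
$events | Sort-Object TimeCreated |
    Select-Object TimeCreated, Id, Message | Format-Table -AutoSize -Wrap

# 2. A single dominant hour (13:00 in the question) suggests a scheduled job
#    or agent, so list scheduled tasks with a trigger starting in that hour.
$byHour = $events | Group-Object { $_.TimeCreated.Hour } | Sort-Object Count -Descending
$byHour | Select-Object @{ n = 'Hour'; e = { $_.Name } }, Count | Format-Table -AutoSize
if ($byHour) {
    $hh = '{0:D2}' -f [int](@($byHour)[0].Name)
    Get-ScheduledTask |
        Where-Object { $_.Triggers.StartBoundary -match "T${hh}:" } |
        Select-Object TaskPath, TaskName, State | Format-Table -AutoSize
}

# 3. Certificate currently bound to the endpoint; compare the hash with the
#    thumbprint of the certificate the site is supposed to present.
netsh http show sslcert "ipport=$endpoint"

# 4. Legacy IIS 6 metadata in applicationHost.config (default path assumed):
#    the property id from the question and the value quoted in the first answer.
$config = Join-Path $env:windir 'System32\inetsrv\config\applicationHost.config'
Select-String -Path $config -SimpleMatch -Pattern 'id="5506"', 'oXiHOzFAMOF0YxIuI7soWvDFEzg=' |
    Select-Object LineNumber, Line | Format-List

# 5. SCHANNEL protocol keys listed in the second answer. A missing key or
#    Enabled value means the operating system default applies.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
'SSL 2.0\Server', 'SSL 3.0\Client', 'SSL 3.0\Server', 'TLS 1.0\Client' | ForEach-Object {
    $p = Get-ItemProperty -Path (Join-Path $base $_) -ErrorAction SilentlyContinue
    New-Object psobject -Property @{
        Key     = $_
        Present = [bool]$p
        Enabled = $p.Enabled
    }
} | Format-Table Key, Present, Enabled -AutoSize
```

Nothing in the script changes server state, so it can be run before and after each remediation step to confirm whether the binding changes stop.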
