  • Re: IIS SSL Cert Binding Randomly Disappears

    Jun 20, 2018 07:55 PM|jrgonzalez|LINK

    Hi lextm, thank you for the links. I had already come across them, and I checked the applicationHost.config file for entry 5506, but it doesn't exist there. In the comments under the second link you posted, someone specifically mentions SCCM and property entries 5511 and 2161, and neither of those is in my applicationHost.config file.

    Here is what my applicationhost.config file looks like: (just a portion of it)

    <!--
    Section registry: declares which configuration sections exist and how
    far down the hierarchy each one may be defined or overridden.
    overrideModeDefault="Deny" locks a section at server level, so a site
    or application web.config cannot change it unless it is explicitly
    unlocked; overrideModeDefault="Allow" delegates it.
    allowDefinition="AppHostOnly" restricts a section to
    applicationHost.config itself.
    In this excerpt handlers, access, ipSecurity and every section under
    security/authentication are locked, while authorization and
    requestFiltering are delegated (Allow), so a web.config placed under a
    content root can alter those two.
    Nothing in this block stores a binding or a certificate reference.
    -->
    <configSections>
    <sectionGroup name="system.applicationHost">
    <section name="applicationPools" allowDefinition="AppHostOnly" overrideModeDefault="Deny" />
    <section name="configHistory" allowDefinition="AppHostOnly" overrideModeDefault="Deny" />
    <section name="customMetadata" allowDefinition="AppHostOnly" overrideModeDefault="Deny" />
    <section name="listenerAdapters" allowDefinition="AppHostOnly" overrideModeDefault="Deny" />
    <section name="log" allowDefinition="AppHostOnly" overrideModeDefault="Deny" />
    <section name="serviceAutoStartProviders" allowDefinition="AppHostOnly" overrideModeDefault="Deny" />
    <section name="sites" allowDefinition="AppHostOnly" overrideModeDefault="Deny" />
    <section name="webLimits" allowDefinition="AppHostOnly" overrideModeDefault="Deny" />
    </sectionGroup>

    <sectionGroup name="system.webServer">
    <section name="asp" overrideModeDefault="Deny" />
    <section name="caching" overrideModeDefault="Allow" />
    <section name="cgi" overrideModeDefault="Deny" />
    <section name="defaultDocument" overrideModeDefault="Allow" />
    <section name="directoryBrowse" overrideModeDefault="Allow" />
    <section name="fastCgi" allowDefinition="AppHostOnly" overrideModeDefault="Deny" />
    <section name="globalModules" allowDefinition="AppHostOnly" overrideModeDefault="Deny" />
    <section name="handlers" overrideModeDefault="Deny" />
    <section name="httpCompression" overrideModeDefault="Allow" />
    <section name="httpErrors" overrideModeDefault="Allow" />
    <section name="httpLogging" overrideModeDefault="Deny" />
    <section name="httpProtocol" overrideModeDefault="Allow" />
    <section name="httpRedirect" overrideModeDefault="Allow" />
    <section name="httpTracing" overrideModeDefault="Deny" />
    <section name="isapiFilters" allowDefinition="MachineToApplication" overrideModeDefault="Deny" />
    <section name="modules" allowDefinition="MachineToApplication" overrideModeDefault="Deny" />
    <section name="applicationInitialization" allowDefinition="MachineToApplication" overrideModeDefault="Allow" />
    <section name="odbcLogging" overrideModeDefault="Deny" />
    <!-- Access control and authentication sections; all locked except authorization and requestFiltering. -->
    <sectionGroup name="security">
    <section name="access" overrideModeDefault="Deny" />
    <section name="applicationDependencies" overrideModeDefault="Deny" />
    <sectionGroup name="authentication">
    <section name="anonymousAuthentication" overrideModeDefault="Deny" />
    <section name="basicAuthentication" overrideModeDefault="Deny" />
    <section name="clientCertificateMappingAuthentication" overrideModeDefault="Deny" />
    <section name="digestAuthentication" overrideModeDefault="Deny" />
    <section name="iisClientCertificateMappingAuthentication" overrideModeDefault="Deny" />
    <section name="windowsAuthentication" overrideModeDefault="Deny" />
    </sectionGroup>
    <section name="authorization" overrideModeDefault="Allow" />
    <section name="ipSecurity" overrideModeDefault="Deny" />
    <section name="dynamicIpSecurity" overrideModeDefault="Deny" />
    <section name="isapiCgiRestriction" allowDefinition="AppHostOnly" overrideModeDefault="Deny" />
    <section name="requestFiltering" overrideModeDefault="Allow" />
    </sectionGroup>
    <section name="serverRuntime" overrideModeDefault="Deny" />
    <section name="serverSideInclude" overrideModeDefault="Deny" />
    <section name="staticContent" overrideModeDefault="Allow" />
    <sectionGroup name="tracing">
    <section name="traceFailedRequests" overrideModeDefault="Allow" />
    <section name="traceProviderDefinitions" overrideModeDefault="Deny" />
    </sectionGroup>
    <section name="urlCompression" overrideModeDefault="Allow" />
    <section name="validation" overrideModeDefault="Allow" />
    <sectionGroup name="webdav">
    <section name="globalSettings" overrideModeDefault="Deny" />
    <section name="authoring" overrideModeDefault="Deny" />
    <section name="authoringRules" overrideModeDefault="Deny" />
    </sectionGroup>
    <section name="webSocket" overrideModeDefault="Deny" />
    </sectionGroup>
    <!-- FTP sections: every one shown here is locked (Deny). -->
    <sectionGroup name="system.ftpServer">
    <section name="log" overrideModeDefault="Deny" allowDefinition="AppHostOnly" />
    <section name="firewallSupport" overrideModeDefault="Deny" allowDefinition="AppHostOnly" />
    <section name="caching" overrideModeDefault="Deny" allowDefinition="AppHostOnly" />
    <section name="providerDefinitions" overrideModeDefault="Deny" />
    <sectionGroup name="security">
    <section name="ipSecurity" overrideModeDefault="Deny" />
    <section name="requestFiltering" overrideModeDefault="Deny" />
    <section name="authorization" overrideModeDefault="Deny" />
    <section name="authentication" overrideModeDefault="Deny" />
    </sectionGroup>
    <section name="serverRuntime" overrideModeDefault="Deny" allowDefinition="AppHostOnly" />
    </sectionGroup>
    </configSections>

    <!--
    Providers IIS uses to encrypt and decrypt protected attribute values
    inside configuration files. Each provider names a machine-level key
    container (useMachineContainer="true").
    The sessionKey attributes on the two AES providers are, as far as I
    know, not plaintext keys: IIS stores the AES session key wrapped with
    the RSA key in the container named by keyContainerName, so the blob is
    only usable together with that container on this server (confirm for
    your IIS version).
    They are still server-specific key material. When sharing this file
    for troubleshooting, replace each value with a placeholder such as
    sessionKey="REDACTED", and treat the machine key containers themselves
    as the secret to protect.
    NOTE(review): useOAEP="false" presumably means the RSA operation uses
    PKCS #1 v1.5 padding rather than OAEP; confirm before changing it,
    because existing encrypted values depend on the current setting.
    -->
    <configProtectedData>
    <providers>
    <add name="IISWASOnlyRsaProvider" type="" description="Uses RsaCryptoServiceProvider to encrypt and decrypt" keyContainerName="iisWasKey" cspProviderName="" useMachineContainer="true" useOAEP="false" />
    <add name="IISCngProvider" type="Microsoft.ApplicationHost.CngProtectedConfigurationProvider" description="Uses Win32 Crypto CNG to encrypt and decrypt" keyContainerName="iisCngConfigurationKey" useMachineContainer="true" />
    <add name="IISWASOnlyCngProvider" type="Microsoft.ApplicationHost.CngProtectedConfigurationProvider" description="(WAS Only) Uses Win32 Crypto CNG to encrypt and decrypt" keyContainerName="iisCngWasKey" useMachineContainer="true" />
    <add name="AesProvider" type="Microsoft.ApplicationHost.AesProtectedConfigurationProvider" description="Uses an AES session key to encrypt and decrypt" keyContainerName="iisConfigurationKey" cspProviderName="" useOAEP="false" useMachineContainer="true" sessionKey="AQIAAA5mAAAApAAALTTCStsuA6x5jVGpNdWbTow4Yq/M1MRdXEgyq+dkIzTnOZEA9Qegh5LjUZ0WQaiKxZ4HqK0g3PjE7ZRohcoegDAqlgnLjWgB0m9xPcIuQSjKuwxLm5MjeaSgd+7NT09HeShKxQdQVrGuxRzxDDJSz4+JRCWKUVHnbp1Yd2tz3G2esvgxWgIpWFMQXtiXnwH6z+5kjFnLSM9tvA7q2sBJB18oFPXIQaWAL1w2D7GfZB6zG65GPWfSR1Yb522YmtzAQvTvjVuunpGZLLQbb6i2cVRxFJ9TIpVl6foQMAJXMC4SB1rqaQD9wim+meNb0Os9ZGJfvohfW3WtpFff6C5rIw==" />
    <add name="IISWASOnlyAesProvider" type="Microsoft.ApplicationHost.AesProtectedConfigurationProvider" description="Uses an AES session key to encrypt and decrypt" keyContainerName="iisWasKey" cspProviderName="" useOAEP="false" useMachineContainer="true" sessionKey="AQIAAA5mAAAApAAAwysrfn08VpTTiIItRoo2i9YlB4roS5H598hlWBZsj0TctFe3TsIN/gD3L81HngEXLlMDt7DSGl1PwOjGWovJgCUEpqO8ellja5kMijYKzQO9BOJx/5bqMbWu/MUfMjcb6NYJfKP/0kip5pmVhdY9EwH04ezm8saV0eztMYeryqgDRTyHl2Y83wScBQsDbOW8cq4kj2VxqRwFaPRSa7tJn8N9FXCyxuFryYG/3pGOklmektm86MsceJq+Pc75wz60+7v1mBfHX27PC582AVVGg3qU77W8Gg16ZcKg8iGOJAItg118kMdFsYD3ONAS+owSZgpmQnOJMyek6uMNhxjOPw==" />
    </providers>
    </configProtectedData>

    <system.applicationHost>

    <!--
    Worker process pools. DefaultAppPool takes the defaults declared in
    applicationPoolDefaults (managed runtime v4.0, ApplicationPoolIdentity).
    "SMS Distribution Points Pool" overrides the identity and runs as the
    built-in LocalService account.
    NOTE(review): LocalService presents anonymous credentials on the
    network; the UNC-backed virtual directories in the sites section of
    this file depend on however that share was set up for it. Confirm
    before changing the identity by hand.
    -->
    <applicationPools>
    <add name="DefaultAppPool" />
    <add name="SMS Distribution Points Pool" autoStart="true">
    <processModel identityType="LocalService" />
    </add>
    <applicationPoolDefaults managedRuntimeVersion="v4.0">
    <processModel identityType="ApplicationPoolIdentity" />
    </applicationPoolDefaults>
    </applicationPools>

    <!--

    The <customMetadata> section is used internally by the Admin Base Objects
    (ABO) Compatibility component. Please do not modify its content.

    -->
    <!--
    Legacy metabase properties, grouped by metabase key path.
    The property ids present in this excerpt are 1002, 130002 to 130019,
    2073, 4012, 2120 and 2102. The ids discussed in this thread (5506,
    5511 and 2161) do not appear in the portion shown; the post states
    that only part of the file was pasted, so this is not proof that they
    are absent from the whole file.
    The four LM/W3SVC/1/ROOT keys correspond to the four SMS_DP application
    paths defined under site id 1 in the sites section.
    -->
    <customMetadata>
    <key path="LM/W3SVC">
    <property id="1002" dataType="String" userType="1" attributes="None" value="IIsWebService" />
    <property id="130002" dataType="String" userType="2" attributes="Inherit" value="BITS-Sessions" />
    <property id="130003" dataType="String" userType="2" attributes="Inherit" value="18446744073709551615" />
    <property id="130004" dataType="DWord" userType="2" attributes="Inherit" value="1209600" />
    <property id="130005" dataType="DWord" userType="2" attributes="Inherit" value="0" />
    <property id="130006" dataType="String" userType="2" attributes="Inherit" value="" />
    <property id="130008" dataType="String" userType="2" attributes="Inherit" value="" />
    <property id="130009" dataType="DWord" userType="2" attributes="Inherit" value="86400" />
    <property id="130011" dataType="DWord" userType="2" attributes="Inherit" value="0" />
    <property id="130012" dataType="DWord" userType="2" attributes="Inherit" value="1" />
    <property id="130013" dataType="DWord" userType="2" attributes="Inherit" value="12" />
    <property id="130014" dataType="DWord" userType="2" attributes="Inherit" value="1" />
    <property id="130015" dataType="DWord" userType="2" attributes="Inherit" value="0" />
    <property id="130016" dataType="DWord" userType="2" attributes="Inherit" value="0" />
    <property id="130017" dataType="DWord" userType="2" attributes="Inherit" value="0" />
    <property id="130018" dataType="DWord" userType="2" attributes="Inherit" value="50" />
    <property id="130019" dataType="DWord" userType="2" attributes="Inherit" value="0" />
    <property id="2073" dataType="MultiSZ" userType="1" attributes="Inherit" value="C:\Windows\system32\bitssrv.dll&#xA;" />
    </key>
    <key path="LM/W3SVC/INFO">
    <property id="4012" dataType="String" userType="1" attributes="Inherit" value="NCSA Common Log File Format,Microsoft IIS Log File Format,W3C Extended Log File Format,ODBC Logging" />
    <property id="2120" dataType="MultiSZ" userType="1" attributes="None" value="400,0,,,0&#xA;" />
    </key>
    <key path="LM/W3SVC/1/ROOT/SMS_DP_SMSPKG$">
    <property id="2102" dataType="String" userType="100" attributes="Inherit" value="SMS_DP_SMSPKG$" />
    </key>
    <key path="LM/W3SVC/1/ROOT/NOCERT_SMS_DP_SMSPKG$">
    <property id="2102" dataType="String" userType="100" attributes="Inherit" value="NOCERT_SMS_DP_SMSPKG$" />
    </key>
    <key path="LM/W3SVC/1/ROOT/SMS_DP_SMSSIG$">
    <property id="2102" dataType="String" userType="100" attributes="Inherit" value="SMS_DP_SMSSIG$" />
    </key>
    <key path="LM/W3SVC/1/ROOT/NOCERT_SMS_DP_SMSSIG$">
    <property id="2102" dataType="String" userType="100" attributes="Inherit" value="NOCERT_SMS_DP_SMSSIG$" />
    </key>
    </customMetadata>

    <!--

    The <listenerAdapters> section defines the protocols with which the
    Windows Process Activation Service (WAS) binds.

    -->
    <!--
    Only the "http" adapter is registered in this excerpt. No separate
    https adapter is listed, although the site below declares an https
    binding; presumably the same adapter serves both protocols (confirm).
    -->
    <listenerAdapters>
    <add name="http" />
    </listenerAdapters>

    <!--
    Server-wide log settings. Both central log file elements carry
    enabled="true" and point at the same directory.
    NOTE(review): no centralLogFileMode attribute is set on <log> here, so
    the schema default applies; as far as I know that default is per-site
    logging, in which case these two elements are not the active log
    target. Confirm before relying on either file during an investigation.
    -->
    <log>
    <centralBinaryLogFile enabled="true" directory="%SystemDrive%\inetpub\logs\LogFiles" localTimeRollover="true" />
    <centralW3CLogFile enabled="true" directory="%SystemDrive%\inetpub\logs\LogFiles" localTimeRollover="true" />
    </log>

    <!--
    Site definitions. One site (id 1, "Default Web Site") hosts the root
    application plus four SMS_DP applications that all run in
    "SMS Distribution Points Pool". Two of them map to a local content
    library and two to a UNC share whose server name the poster redacted.
    -->
    <sites>
    <site name="Default Web Site" id="1" serverAutoStart="true">
    <application path="/">
    <virtualDirectory path="/" physicalPath="%SystemDrive%\inetpub\wwwroot" />
    </application>
    <application path="/SMS_DP_SMSPKG$" applicationPool="SMS Distribution Points Pool">
    <virtualDirectory path="/" physicalPath="D:\SCCMContentLib" />
    </application>
    <application path="/NOCERT_SMS_DP_SMSPKG$" applicationPool="SMS Distribution Points Pool">
    <virtualDirectory path="/" physicalPath="D:\SCCMContentLib" />
    </application>
    <application path="/SMS_DP_SMSSIG$" applicationPool="SMS Distribution Points Pool">
    <virtualDirectory path="/" physicalPath="\\SRV-XXX-XXX.XXX.XXX\SMSSIG$" />
    </application>
    <application path="/NOCERT_SMS_DP_SMSSIG$" applicationPool="SMS Distribution Points Pool">
    <virtualDirectory path="/" physicalPath="\\SRV-XXX-XXX.XXX.XXX\SMSSIG$" />
    </application>
    <!--
    The https binding records only protocol, IP:port:host and sslFlags;
    no certificate hash or store name appears on it. For an IP:port
    binding like this one the certificate association is kept by HTTP.sys
    outside this file and can be listed with "netsh http show sslcert"
    (a wildcard binding is typically keyed there as 0.0.0.0:443).
    sslFlags="0" means neither SNI nor the Centralized Certificate Store
    is in use. If the certificate selection vanishes while this binding
    element is still present, compare the HTTP.sys entry before and after
    and check what else on the server rewrites it.
    -->
    <bindings>
    <binding protocol="http" bindingInformation="*:80:" />
    <binding protocol="https" bindingInformation="*:443:" sslFlags="0" />
    </bindings>
    <!-- Extended W3C fields enabled for this site; ClientIP, UserName, UserAgent and TimeTaken are included. -->
    <logFile logExtFileFlags="Date, Time, ClientIP, UserName, ServerIP, Method, UriStem, UriQuery, HttpStatus, Win32Status, BytesSent, TimeTaken, ServerPort, UserAgent, Referer, HttpSubStatus" />
    </site>
    <!-- Defaults inherited by every site, application and virtual directory that does not override them. -->
    <siteDefaults>
    <logFile logFormat="W3C" directory="%SystemDrive%\inetpub\logs\LogFiles" localTimeRollover="true" />
    <traceFailedRequestsLogging directory="%SystemDrive%\inetpub\logs\FailedReqLogFiles" />
    </siteDefaults>
    <applicationDefaults applicationPool="DefaultAppPool" />
    <!-- allowSubDirConfig="true": web.config files in subdirectories of a content root are read as well. -->
    <virtualDirectoryDefaults allowSubDirConfig="true" />
    </sites>

    <!-- Empty element: no web limit attributes are set here, so the schema defaults apply. -->
    <webLimits />

    </system.applicationHost>

    <system.webServer>

    <!--
    Server-level feature settings. asp, cgi and fastCgi are empty
    elements, so they carry no explicit settings in this excerpt.
    -->
    <asp />

    <caching enabled="true" enableKernelCache="true">
    </caching>

    <cgi />

    <!-- Files tried, in this order, when a request targets a directory. -->
    <defaultDocument enabled="true">
    <files>
    <add value="Default.htm" />
    <add value="Default.asp" />
    <add value="index.htm" />
    <add value="index.html" />
    <add value="iisstart.htm" />
    </files>
    </defaultDocument>

    <!--
    Directory listing is off at server level. The directoryBrowse section
    is declared with overrideModeDefault="Allow" in configSections, so a
    site or application web.config can turn it back on; check those files
    as well when auditing the content roots.
    -->
    <directoryBrowse enabled="false" />

    <fastCgi />