SSL Certificate missing from the drop down in 'Edit Site Binding' for 'HTTPS' type in the IIS Default Website

    Question

  • Issue:

    1. Unable to find the SSL Certificate for FQDN ('CN = Win2K8MDCRoot.MDC.Com') from the drop down in 'Edit Site Binding' for 'HTTPS' type in the IIS Default Website.

    2. Also the 'CN = WMSvc-Win2K8MDCRoot' is missing.

    3. Only certificate seen is 'CN = Federation Server Win2K8MDCRoot'

    4. I also faced an exception (Event Log pasted below) adding the AD FS Role for the VM as per the Steps below. However, after I gave a path & name ('c:/cert/trustpolicy.xml') in step 7, I overcame the issue. Not sure if this is the way to do it. I didn't have to do it when I installed AD FS earlier for the first time.

    Steps To Add AD FS Role:

    Click Start, point to Administrative Tools, and then click Server Manager.
    1. Right-click Roles, and then click Add Roles to start the Add Roles Wizard.
    2. On the Before You Begin page, click Next.
    3. On the Select Server Roles page, click Active Directory Federation Services. Click Next two times.
    4. On the Select Role Services page, select the Federation Service check box. If you are prompted to install additional Web Server (IIS) or Windows Process Activation Service role services, click Add Required Role Services to install them, and then click Next.
    5. On the Choose a Server Authentication Certificate for SSL Encryption page, click Create a self-signed certificate for SSL encryption, and then click Next.
    6. On the Choose a Token-Signing Certificate page, click Create a self-signed token-signing certificate, and then click Next.
    7. On the Select Trust Policy page, click Create a new trust policy, and then click Next twice.
    8. On the Select Role Services page, click Next to accept the default values.
    9. Verify the information on the Confirm Installation Selections page, and then click Install.
    10. On the Installation Results page, verify that everything installed correctly, and then click Close.

    Event Log :

    Log Name:      Microsoft-Windows-ServerManager/Operational
    Source:        Microsoft-Windows-ServerManager
    Date:          03-07-2012 18:09:06
    Event ID:      1600
    Task Category: None
    Level:         Error
    Keywords:     
    User:          HDC\Administrator
    Computer:      Win2K8HDCRoot.HDC.Com
    Description:
    An error occurred in Server Manager. An unexpected exception was found:
    System.ArgumentNullException: Value cannot be null.
       at Microsoft.Windows.ServerManager.ActiveDirectoryFederationServer.ActiveDirectoryFederationServerProvider.SaveRegistrySetting(Nullable`1 setToCreate, String value, String registryValueName)
       at Microsoft.Windows.ServerManager.ActiveDirectoryFederationServer.ActiveDirectoryFederationServerProvider.PerformActionBeforeInstall(InstallableFeatureInformation featureInfo, DiscoveryResult discoveryResult, ChangeTracker changeTracker)
       at Microsoft.Windows.ServerManager.Common.Provider.PreInstall(InstallableFeatureInformation guest, DiscoveryResult discoveryResult, ChangeTracker changeTracker)
       at Microsoft.Windows.ServerManager.Common.Provider.FlushSyncPreInstall(List`1 guestsToSync, Dictionary`2 syncResultMap)
       at Microsoft.Windows.ServerManager.Common.Provider.FlushSync(SyncProgressHandler progressCallback)
       at Microsoft.Windows.ServerManager.Common.Provider.FinalFlush(SyncProgressHandler progressCallback)
       at Microsoft.Windows.ServerManager.Transformation.SyncEngine.Sync(ChangeTracker changeTracker, DiscoveryResult discoveryResult, List`1 progressUpdateIdList)
       at Microsoft.Windows.ServerManager.DiscoveryResult.CommitUpdates(ChangeTracker changeTracker, ProgressUpdateCallback progressUpdateDelegate, List`1 featureIdsOfInterest)

    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-ServerManager" Guid="{8C474092-13E4-430E-9F06-5B60A529BF38}" />
        <EventID>1600</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x1000000000000000</Keywords>
        <TimeCreated SystemTime="2012-07-03T12:39:06.753780000Z" />
        <EventRecordID>15</EventRecordID>
        <Correlation />
        <Execution ProcessID="3372" ThreadID="3840" />
        <Channel>Microsoft-Windows-ServerManager/Operational</Channel>
        <Computer>Win2K8HDCRoot.HDC.Com</Computer>
        <Security UserID="S-1-5-21-3090551790-3641519970-2520486389-500" />
      </System>
      <UserData>
        <EventXML xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events" xmlns="Event_NS">
          <message>An unexpected exception was found:
    System.ArgumentNullException: Value cannot be null.
       at Microsoft.Windows.ServerManager.ActiveDirectoryFederationServer.ActiveDirectoryFederationServerProvider.SaveRegistrySetting(Nullable`1 setToCreate, String value, String registryValueName)
       at Microsoft.Windows.ServerManager.ActiveDirectoryFederationServer.ActiveDirectoryFederationServerProvider.PerformActionBeforeInstall(InstallableFeatureInformation featureInfo, DiscoveryResult discoveryResult, ChangeTracker changeTracker)
       at Microsoft.Windows.ServerManager.Common.Provider.PreInstall(InstallableFeatureInformation guest, DiscoveryResult discoveryResult, ChangeTracker changeTracker)
       at Microsoft.Windows.ServerManager.Common.Provider.FlushSyncPreInstall(List`1 guestsToSync, Dictionary`2 syncResultMap)
       at Microsoft.Windows.ServerManager.Common.Provider.FlushSync(SyncProgressHandler progressCallback)
       at Microsoft.Windows.ServerManager.Common.Provider.FinalFlush(SyncProgressHandler progressCallback)
       at Microsoft.Windows.ServerManager.Transformation.SyncEngine.Sync(ChangeTracker changeTracker, DiscoveryResult discoveryResult, List`1 progressUpdateIdList)
       at Microsoft.Windows.ServerManager.DiscoveryResult.CommitUpdates(ChangeTracker changeTracker, ProgressUpdateCallback progressUpdateDelegate, List`1 featureIdsOfInterest)
    </message>
        </EventXML>
      </UserData>
    </Event>

    *****************************************************************

    VM Details:

    OS: 2K8 R2 Standard
    Domain: MDC.Com
    NetBIOS/Computer Name: Win2K8MDCRoot
    FQDN: Win2K8MDCRoot.MDC.Com
    Roles: 'Active Directory Domain Service', 'Active Directory Federation Service', 'DNS Server', 'Application Server', 'File Services' and 'Web Server (IIS)'.
    Network Related Configuration: 'Network Discovery' Turned On with 'SSDP' and 'UPnP' services running. Also 'DNS client' and 'Function Discovery Resource Publication' are running. Firewall is Turned On
    No of Network Adapters : 2
    Network Adapter 1 connected to 'Internal' with IPv4 set to a static IP '192.168.10.1' and DNS set to '127.0.0.1'. IPv6 is disabled
    Network Adapter 2 connected to 'External' and IPv4 set to Automatic for IP and DNS addresses. IPv6 is disabled
    Domain Controller for HDC.Com.

    *****************************************************************

    What I Did in VM Before :

    Initially the VM had just VS2010 and SP2010 installed with no DNS, AD DS, AD FS Roles. Later on, VS and SP2010 were uninstalled via Control Panel, along with some other programs I can't recollect. Then I added the roles DNS and AD DS to create and control a new domain 'X.Com'. After a few days, I tried out a basic Claims-Based app as in 'http://www.youtube.com/watch?v=nvNYyzT7QB8'. After installing the 'AD FS' role, I could notice certificates in the IIS Default Website and in other places. After a few days, I wanted to give my VM a new name and domain, so I removed all of the above roles and re-added them to create and control the current domain 'MDC.Com'. Before this step, the self-signed certificates which were installed as part of the Claims App were deleted, and also the ones seen in the IIS and 'Trusted Root Certificate Authorities' (similar to the ones mentioned in the Issues 1,2,3 above).

    *****************************************************************
    I'm not good at basics of any of the above tried out learnings but request the learned community members to help me resolve the issue and excuse me in case I pose some silly basic questions as part of this thread.

    Wednesday, July 04, 2012 5:20 PM

All replies


  • Hi,

    After a few hours of digging, I found the solution to Issue 2 here
    http://social.technet.microsoft.com/Forums/en-US/exchangesvrmigration/thread/a1e4c893-5a9c-48eb-9419-d7689bfd7f80/

    I could get back the certificate 'WMSvc-Win2K8MDCRoot', after I added the 'Management Service' feature in the Web Server (IIS) role.
    No luck yet with Issue 1, the missing FQDN certificate. I'm on it.

    Thursday, July 05, 2012 8:40 PM
  • Finally something I did brought back my FQDN certificate in place.

    Certificates (Local Computer)

    Personal - Certificates
    &
    Trusted Root Certification Authorities - Certificates
    &
    Drop down of 'IIS - Default Web Site - Edit Site Bindings for 443/HTTPS type'

    I created a certificate from "IIS - Server Certificates - Create A Self Signed Certificate", giving my FQDN as the name of the certificate.

    Not totally sure if this certificate is what I was looking for as part of my Claim App lab. But I could complete the lab till the last but one step. (The last step of accessing the ClaimApp from the Win7 client is giving accessibility problems though, and I am not sure if it is linked to this issue in any way.)

    Wondering if the FQDN certificate will ever be in place by default or installed as part of any Role/Feature addition, without having to create it manually in IIS. But I remember it being there the first time I configured my VM and added the required roles (AD DS, DNS, AD FS, IIS).

    Friday, July 06, 2012 9:12 PM
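
The stores named in the last reply can be audited from PowerShell instead of the MMC snap-in. This is an added example, not part of the original thread: it assumes the host name from the question, reads only the local machine's stores, and the function name `Test-BindingCandidate` is hypothetical.

```powershell
# Added example: list certificates in Local Computer\Personal and report the
# properties that decide whether one can serve an HTTPS binding for $Fqdn.
param([string]$Fqdn = 'Win2K8MDCRoot.MDC.Com')   # host name taken from the question

$ServerAuthOid = '1.3.6.1.5.5.7.3.1'             # Server Authentication EKU

function Test-BindingCandidate {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [string]$HostName,
        [string[]]$RootThumbprints
    )
    # An EKU extension restricts usage; a certificate without one is valid for all purposes.
    $eku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $serverAuth = (-not $eku) -or
        (@($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $ServerAuthOid }).Count -gt 0)

    $now = Get-Date
    New-Object PSObject -Property @{
        Subject       = $Cert.Subject
        # FriendlyName is only a display label; clients validate the subject name, not this.
        FriendlyName  = $Cert.FriendlyName
        Thumbprint    = $Cert.Thumbprint
        # Without the private key the server cannot complete a TLS handshake with this certificate.
        HasPrivateKey = $Cert.HasPrivateKey
        InValidity    = ($Cert.NotBefore -le $now -and $now -le $Cert.NotAfter)
        ServerAuthEku = $serverAuth
        NameMatches   = ($Cert.GetNameInfo('SimpleName', $false) -eq $HostName)
        SelfSigned    = ($Cert.Subject -eq $Cert.Issuer)
        # A self-signed certificate is trusted only where it is also in the Trusted Root store.
        InLocalRoot   = ($RootThumbprints -contains $Cert.Thumbprint)
    }
}

# Thumbprints of Local Computer\Trusted Root Certification Authorities.
$rootThumbs = @(Get-ChildItem Cert:\LocalMachine\Root | ForEach-Object { $_.Thumbprint })

Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-BindingCandidate -Cert $_ -HostName $Fqdn -RootThumbprints $rootThumbs } |
    Sort-Object NameMatches -Descending |
    Format-Table Subject, FriendlyName, HasPrivateKey, InValidity, ServerAuthEku,
                 NameMatches, SelfSigned, InLocalRoot -AutoSize
```

`InLocalRoot` reflects the server's own trust store only; a client machine has to trust the same self-signed certificate separately.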