Removing HTTPS binding affects other sites? [Answered]RSS

12 replies

Last post May 13, 2013 11:28 AM by foxontherock

  • Removing HTTPS binding affects other sites?

    Jun 05, 2008 11:31 AM|takeos|LINK

    My scenario:

    • <div mce_keep="true">Multiple HTTP sites (example1.com, example2.com, etc.) on same IP</div>
    • <div mce_keep="true">Wildcard *.example.com cert that is used for WebDAV publishing over HTTPS for these same sites (wedav1.example.com, webdav2.example.com, etc.)</div>
    • <div mce_keep="true">So each site has one HTTP binding, and one HTTPS (only for publishing)</div>
    • <div mce_keep="true">Anonymous authentication for HTTP, Basic enabled for WebDAV over HTTPS</div>

    Everything worked fine, until I recently added a new site, which exhibited two problems:

    • <div mce_keep="true">WebDAV (XP/Vista clients) get the usual password request, followed by a certificate request</div>
    • <div mce_keep="true">I cannot delete the site or remove the HTTPS binding without getting a message like this:</div>

    ---------------------------
    Site Bindings
    ---------------------------
    The certificate associated with this binding is also assigned to another site's binding. Deleting this binding will cause the HTTPS binding of the other site to be unusable. Do you still want to continue?
    ---------------------------
    Yes   No   Cancel  
    ---------------------------

    I don't know what's wrong with this new site. Apparently the usual setup steps were followed, but now I can't even delete it out of fear of losing the wildcart certificate that is also used by other sites, and I am a bit at loss.

    Any advice?

    Thanks!

  • Re: Removing HTTPS binding affects other sites?

    Jun 05, 2008 11:43 AM|anilr|LINK

    There are 2 parts of an "SSL binding" - the host:ip:port information that is in applicationhost.config which is unique to each site (eg: webdav1.example.com:443:ip) and the mappings of an ip:port combination to a server certificate in http.sys configuration which in this case is shared across all your sites using the wildcard certificate - removing the bindings in the UI will remove both those things which will of course make your other sites non-functional - you need to remove just the binding in applicationhost.config using other means like appcmd/editing in notepad etc.

    Anil Ruia
    Software Design Engineer
    IIS Core Server
  • Re: Removing HTTPS binding affects other sites?

    Jun 06, 2008 05:40 AM|takeos|LINK

    Thank you, manual editing of the .config file did it. It allowed me to remove and readd the site, and the other problem is solved as well. Maybe this should be filed as a bug in IIS manager though?

  • Re: Removing HTTPS binding affects other sites?

    Mar 10, 2010 07:54 AM|cemag|LINK

    Hello!

    I have the same problem I can't fix.
    So I have a SBS 2008 which after installing the certificate does not allow to start the "default" website because another site (SBS Web Application) is using the same port.

    I understood that a manual editing of the config file will solve the problem but I am not sure what I must edit to get it working.
    Can you be more specific for a "novice" like me?

    Thank you!

    Gabe

  • Re: Removing HTTPS binding affects other sites?

    Mar 11, 2010 01:23 AM|CarlosAg|LINK

    The problem that you are facing does not seem to be the exact same problem. The problem mentioned before was two sites using SSL and Wildcard certificates which when deleted can cause problems in between each other.

    If I'm reading correctly your mail it sounds like you just have a port# conflict. You can only have one site with the exact same bindings which it looks like you are having that problem. You should open the IIS Manager (inetmgr.exe) and expand the Tree to get to the Sites node, see the Bindings column. Probably two sites have the same *:80 binding. You can only start one of them so you'll need to stop the other. If you want to have both running you could either edit the Bindings (click Bindings...) and change the port # of one of them or use a host name.

  • Re: Removing HTTPS binding affects other sites?

    Mar 30, 2010 11:45 AM|ahoover@scriptel.com|LINK

    I just fixed the same problem you are describing with my SBS 2008 install. I think this takes place when SSL is turned on for the default web site, which adds the two bindings (one in applicationhost.config, and the UI binding). Just as described above, you are unable to remove the binding in the UI without affecting everythnig else, but if you go to %windir%\System32\inetsrv\config and delete the binding info their for the default website, it will start working again (as long as no sites in your default web site need SSL, if so you could edit it their, I assume, as well) As always make sure and make a backup before you edit. Hope this helps.

    SBS 2008 applicationhost.config SBS Web Applications Default Web Site SSL bindings

  • Re: Removing HTTPS binding affects other sites?

    Jul 14, 2010 02:30 PM|foxontherock|LINK

    I just found this post from 2008. We have this issue actually 2 years later. We have iis 7.0 win2k8 64 bits, a lot of sites and bindings, and a wildcard certificate. Is there a fix that exist for the IIS 7 manager that solve this issue? It's very annoying to have all our https sites down for a few seconds every time we change a https setting on any of our sites.

    SSL bindings iis manager

  • Re: Removing HTTPS binding affects other sites?

    Jul 14, 2010 04:09 PM|CarlosAg|LINK

    There is no fix available, correct me if I'm wrong but this should only happen when you delete a binding to a site and my recommendation would be to use maybe AppCmd.exe for that. Or do you see it in other scenarios as well?

  • Re: Removing HTTPS binding affects other sites?

    Jul 14, 2010 09:49 PM|foxontherock|LINK

    This is exact, when I remove a https binding, the console show me a warning telling me that there is a conflict between this site and another one (without telling me which one). When I push OK, my other sites (all others I think) stops working in https. Then, when I edit one binding and re-assign the generic (*) ssl certificate, that all restarts fine. Sometimes, I also have to recycle some pools, but not every time. In the event log, I see that a binding have been removed, and again, it does not tell me which one. If I edit directly the application.config, does my pool will all recycle? Or else I will use appcmd or doing it programmatically from a vbscript or any other technique.

    IIS 7.0 HTTPS certificate

  • Re: Removing HTTPS binding affects other sites?

    Jul 15, 2010 03:43 PM|foxontherock|LINK

    1 new addition to this topic. We just tried to use the Microsoft.Web.Management dotnet dll found in C:\Windows\System32\inetsrv, and when we remove our https binding using this dll, it generates the same error, we have to re-enable ssl binding (just open binding, edit ssl, then choose certificate, then save). So, this dll and the IIS management console uses exactly the same code when saving the binding. We'll try to remove our binding using WMI, it may be the only solution. Because appcmd.exe is located in the same directory make us think that it will do the same error but we did not tried yet. If we remove the binding with notepad by editing directly the applicationhost.config, it works fine. We have to find a good solution other than notepad :D

    SSL bindings certificate

  • Re: Removing HTTPS binding affects other sites?

    Jul 15, 2010 04:43 PM|CarlosAg|LINK

    Indeed Microsoft.Web.Administration will have the same effect since IIS Manager is the API that it uses to do those changes. You will need to use either AHADMIN or AppCmd, none of those will have that problem.

  • Re: Removing HTTPS binding affects other sites?

    May 13, 2013 10:48 AM|nZeus|LINK

    Am I right that Microsoft doesn't want to fix this issue?

    It's definetly a problem of the IIS Manager.

    Notepad/AHADMIN/AppCmd is not a solution, it's a workaround. It's too risky to edit .config file manually.

  • Re: Removing HTTPS binding affects other sites?

    May 13, 2013 11:28 AM|foxontherock|LINK

    There is another issue we found with iis manager + ssl...

    We are using a Wildcard certificate from GoDaddy, and we CAN'T add any https binding in the console using that certificat, like if it is invalid!

    Seems like the wildcard godaddy ssl certificate contains something that iis management console doesn't like.

    But, we CAN in the notepad applicationhost.config file manually!

    So now, we must use notepad to remove AND add ssl binding!

    Please MS fix these SSL / Wildcard / Binding issues from the IIS management console. (Win 2008 R2)