IIS certificate goes missing after every reboot

This post has been republished via RSS; it originally appeared at: IIS Support Blog articles.

 

 

Issue: On every reboot of server the SSL Binding for the web application is removed, The impact for this is when the users will try to open an files in SharePoint they will get certificate error and URL will not be reachable. To resolve this issue after every reboot you will have to add binding for that web app manually from IIS.

 

Troubleshooting: Based on the boot level Process Monitor traces, we figured out that Microsoft.office.web.AgentManager.exe is deleting the IIS certificate mapping on the Registry. You will generally see " AgentManager.exe” only when Office Web Apps Server is installed on the server.

Untitled.pngWhat is Office Web App in one sentence?

Ans: It is used to render to Office files on Browser... If we open file from SharePoint On-Prem then it opening Word-Online (this is OWA)

 

Cause: This issue occurs because the certificate doesn’t have a unique Friendly name field. This field is required by the Office Web Apps. Therefore, Office Web Apps manager removes the bindings. The Friendly name field must be unique within the Trusted Root Certificate Authorities store. If you have multiple certificates that share a Friendly Name field, the farm creation process fails because the New-OfficeWebAppsFarm cmdlet can’t know which certificates to use.

 

Resolution:

This issue occurs because the certificate doesn’t have a unique Friendly name field. This field is required by the Office Web Apps. Therefore, Office Web Apps manager removes the bindings when it tries to initialize after every reboot. We found that the actual certificate that is used in the IIS Binding was missing Friendly Name. Adding the Friendly Name for the server certificate resolved the issue.

 

Keywords: Certificate missing after reboot, AgentManager.exe, Office Web Apps

 

Reference
https://support.microsoft.com/en-in/help/4051626/ssl-certificate-bindings-removed-office-web-apps-server

http://www.wictorwilen.se/office-web-apps-2013-why-you-can’t-and-shouldn’t-install-sharepoint-2013-on-the-same-machine

REMEMBER: these articles are REPUBLISHED. Your best bet to get a reply is to follow the link at the top of the post to the ORIGINAL post! BUT you're more than welcome to start discussions here:

This site uses Akismet to reduce spam. Learn how your comment data is processed.