Comments on Mumblestiltskin: Trouble with ADFS Proxy Certificate update\renewal
(4 comments; feed last updated 2023-09-13)

Comment by aveTimeForYourMind.com, 2022-01-14:

Wow, this was nasty, i.e. WAP broke, but no warnings, errors, event log entries, system errors, etc. I.e. nothing showed broken, but sure enough the NIC bindings for SSL were gone. This fixed it. Thank you!! 8D...

Comment by Shelley, 2018-02-25:

This worked for me, however my previous config had used hostnameport, so I had to add certstorename=MY and some other settings which I found on my other node:

Netsh
Http
add sslcert hostnameport=hostname.org.au:443 certhash=xxxxxxxxxxxxxxx appid={5d89a20c-beab-4389-9447-324788eb944a} clientcertnegotiation=disable certstorename=MY sslctlstorename=AdfsTrustedDevices

add sslcert hostnameport=hostname.org.au:49443 certhash=xxxxxxxxxxxxxxxx appid={5d89a20c-beab-4389-9447-324788eb944a} clientcertnegotiation=enable certstorename=MY

Comment by Unknown, 2016-12-09:

The above comment worked for me.

For some reason after changing out a cert, the bindings on my WAP server disappeared. This problem was noticed because the ADFS portal was accessible to internal computers, but not external. I had to manually set the bindings up again.

The correct appid for a WAP server is {f955c070-e044-456c-ac00-e9e4275b3f04}

For the command to run successfully I had to enter netsh http mode first:

netsh
http
add sslcert ipport=0.0.0.0:443 certhash=yourcertthumbprint appid={f955c070-e044-456c-ac00-e9e4275b3f04} clientcertnegotiation=disable
add sslcert ipport=externalip:443 certhash=yourcertthumbprint appid={f955c070-e044-456c-ac00-e9e4275b3f04} clientcertnegotiation=disable

For the ADFS 3.0 server (if you needed to update these bindings as well) the appid would be {5d89a20c-beab-4389-9447-324788eb944a}. You would be setting up at least three bindings, one for localhost:443, one for your site FQDN:443 and one for your site FQDN:49443. Client cert negotiation should be enabled for port 49443.

Comment by Anonymous, 2016-09-23:

I had the same problem and solved it like this.

In an administrative command prompt enter:
netsh http show ssl

Copy all the output for 0.0.0.0:443 and externalip:443
Delete both bindings:
Netsh http delete sslcert ipport=0.0.0.0:443
Netsh http delete sslcert ipport=externalip:443

Add both bindings with the correct certificate thumbprint:

netsh http add sslcert ipport=0.0.0.0:443 certhash=xxxx appid=xxxxxx clientcertnegotiation=disable

netsh http add sslcert ipport=externalip:443 certhash=xxxx appid=xxxxxx clientcertnegotiation=disable

Restart WAP services