Victor Vogelpoel

Excellence is in the details

PowerShell: Recreate “SharePoint Web Services” web application bindings


SharePoint 2013 creates the “SharePoint Web Services” web application with bindings http->32843 and https->32844 and binds a private certificate from the LocalMachine\SharePoint certificate store to the https->32844 binding. My colleague used Remove-WebBinding -name “WebAppTitle” with the intention to remove only the binding for the specified web application name, but Remove-WebBinding seems to remove all IIS bindings, including the Default Webapplication, Central Administration and SharePoint Web Services!

Fixed the procedure by first getting the bindings before removing them: Get-WebBinding -name “WebAppTitle” | Remove-WebBinding. Anyways, the code below recreates the bindings for the “SharePoint Web Services” webapplication:

# Recreate web bindings for the SharePoint 2013 webservice webapp "SharePoint Web Services"
# Victor Vogelpoel Feb 2013

$webappName = "SharePoint Web Services"

if (!(Get-WebBinding -name $webappName -protocol "https" -port 32844))
  New-WebBinding -name $webappName  -ip "*" -port 32844 -protocol "https"

# Bind SharePoint's own "SharePoint Services" certificate to the webbinding for HTTPS 32844
$b = Get-WebBinding -name $webappName -protocol "https" -port 32844
if ($b)
  $cert = get-childitem cert:\\localmachine\sharepoint | where { $_.subject -match "^CN=SharePoint Services" }
  if (!$cert)
    throw "Cannot find `"SharePoint Services`" certificate in SharePoint certificate store"

  [void]$b.AddSslCertificate($cert.ThumbPrint, "SharePoint")
  throw "Cannot find webbinding"

if (!(Get-WebBinding -name $webappName -protocol "http" -port 32843))
  New-WebBinding -name $webappName  -ip "*" -port 32843 -protocol "http"

Author: Victor Vogelpoel

Dad, Technical specialist, PowerShell architect, photographer and just a guy whose life happens while trying planning it.

11 thoughts on “PowerShell: Recreate “SharePoint Web Services” web application bindings

  1. Thanks Victor, You saved my time! 🙂

  2. Hi Victor, it’s a small world 🙂 This saved my day after almost giving up after a long and frustrating night. Thank you! – Your old colleague Roderick

  3. Thank you very much for this tip!
    By mistake I assigned an SSL certificate to the 32844 binding and could not put it back into original state via IIS Manager. Your script saved me!

  4. Thanks! Was messing around in my TEST environment and needed to reset this. Saved me the hassle!

  5. Can we configure SharePoint Web Services only with https binding without http

  6. Hello Victor,

    Somehow in our SharePoint 2013 environment on the server where we have Search Admin Component provisioned, on that server we see that for port 32844 a different certificate has been applied. The certificate which is currently applied on port 32844 on that server is named as WMSvc-Servername.

    I have currently an issue with Search 2013 where I’m not able to access content source page and even when I click on the Administration page, I’m getting an error

    An operation failed because the following certificate has validation errors: Subject Name: CN=WMSvc-XXXXXX Issuer Name: CN=WMSvc-XXXXXXXXX Thumbprint: XXXXXXXXXXXXXXXXXXXXXXXXXXXX Errors: SSL policy errors have been encountered. Error code ‘0x6’..

    Application error when access /_admin/search/listcontentsources.aspx, Error=The remote certificate is invalid according to the validation procedure.

    I suspect this is due to the certificate which is bind on port 32844 on Admin component. I just want to know, using your script, will only update the certificate bind for port 32844 on the server where I run this command or it will also make changes to any other server in the farm.

    Other server in our farm have the correct certificate bind to the port 32844 which is SharePoint Services certificate.

  7. The script repairs IIS bindings on a local machine for the two (farm intra communication) ports, thus not for all machines in an farm. The “SharePoint Services” certificates are SharePoint private and I suppose SharePoint created these while installing. The script finds the “SharePoint Services” certificates in the machines Certificate Store and rebinds them to the IIS binding.

  8. Hi Victor,
    Thnx for your script. You’re a lifesaver!!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s