SharePoint 2013 creates the “SharePoint Web Services” web application with bindings http->32843 and https->32844 and binds a private certificate from the LocalMachine\SharePoint certificate store to the https->32844 binding. My colleague used Remove-WebBinding -name “WebAppTitle” with the intention to remove only the binding for the specified web application name, but Remove-WebBinding seems to remove all IIS bindings, including the Default Webapplication, Central Administration and SharePoint Web Services!
Fixed the procedure by first getting the bindings before removing them: Get-WebBinding -name “WebAppTitle” | Remove-WebBinding. Anyways, the code below recreates the bindings for the “SharePoint Web Services” webapplication:
# Recreate web bindings for the SharePoint 2013 webservice webapp "SharePoint Web Services" # Victor Vogelpoel Feb 2013 $webappName = "SharePoint Web Services" if (!(Get-WebBinding -name $webappName -protocol "https" -port 32844)) { New-WebBinding -name $webappName -ip "*" -port 32844 -protocol "https" } # Bind SharePoint's own "SharePoint Services" certificate to the webbinding for HTTPS 32844 $b = Get-WebBinding -name $webappName -protocol "https" -port 32844 if ($b) { $cert = get-childitem cert:\\localmachine\sharepoint | where { $_.subject -match "^CN=SharePoint Services" } if (!$cert) { throw "Cannot find `"SharePoint Services`" certificate in SharePoint certificate store" } [void]$b.AddSslCertificate($cert.ThumbPrint, "SharePoint") } else { throw "Cannot find webbinding" } if (!(Get-WebBinding -name $webappName -protocol "http" -port 32843)) { New-WebBinding -name $webappName -ip "*" -port 32843 -protocol "http" }
February 24, 2014 at 10:41
Thanks Victor, You saved my time! 🙂
February 24, 2014 at 10:47
You’re very welcome!
August 19, 2015 at 00:15
Hi Victor, it’s a small world 🙂 This saved my day after almost giving up after a long and frustrating night. Thank you! – Your old colleague Roderick
August 19, 2015 at 08:11
Hey Roderick, glad that it helped you!
March 1, 2016 at 14:49
Thank you very much for this tip!
By mistake I assigned an SSL certificate to the 32844 binding and could not put it back into original state via IIS Manager. Your script saved me!
March 18, 2016 at 16:43
Thanks! Was messing around in my TEST environment and needed to reset this. Saved me the hassle!
October 26, 2016 at 12:16
Can we configure SharePoint Web Services only with https binding without http
October 26, 2016 at 12:28
I believe the 32843 and 32844 ports are for INTRA farm communication between the services on SharePoint servers and I wouldn’t touch that!
They don’t need to be accessible from outside the farm and you could use Windows Firewall to disallow any access to these ports from any other servers than the SharePoint farm servers.
For more information see https://blogs.msdn.microsoft.com/uksharepoint/2013/01/21/sharepoint-2013-ports-proxies-and-protocols-an-overview-of-farm-communications/ and https://technet.microsoft.com/en-us/library/cc262849.aspx?f=255&MSPPError=-2147217396.
December 7, 2017 at 22:23
Hello Victor,
Somehow in our SharePoint 2013 environment on the server where we have Search Admin Component provisioned, on that server we see that for port 32844 a different certificate has been applied. The certificate which is currently applied on port 32844 on that server is named as WMSvc-Servername.
I have currently an issue with Search 2013 where I’m not able to access content source page and even when I click on the Administration page, I’m getting an error
An operation failed because the following certificate has validation errors: Subject Name: CN=WMSvc-XXXXXX Issuer Name: CN=WMSvc-XXXXXXXXX Thumbprint: XXXXXXXXXXXXXXXXXXXXXXXXXXXX Errors: SSL policy errors have been encountered. Error code ‘0x6’..
Application error when access /_admin/search/listcontentsources.aspx, Error=The remote certificate is invalid according to the validation procedure.
I suspect this is due to the certificate which is bind on port 32844 on Admin component. I just want to know, using your script, will only update the certificate bind for port 32844 on the server where I run this command or it will also make changes to any other server in the farm.
Other server in our farm have the correct certificate bind to the port 32844 which is SharePoint Services certificate.
December 8, 2017 at 12:42
The script repairs IIS bindings on a local machine for the two (farm intra communication) ports, thus not for all machines in an farm. The “SharePoint Services” certificates are SharePoint private and I suppose SharePoint created these while installing. The script finds the “SharePoint Services” certificates in the machines Certificate Store and rebinds them to the IIS binding.
September 27, 2019 at 10:29
Hi Victor,
Thnx for your script. You’re a lifesaver!!