Victor Vogelpoel

Excellence is in the details

PowerShell: Recreate “SharePoint Web Services” web application bindings

February 3, 2014 by Victor Vogelpoel 10 Comments

SharePoint 2013 creates the “SharePoint Web Services” web application with bindings http->32843 and https->32844 and binds a private certificate from the LocalMachine\SharePoint certificate store to the https->32844 binding. My colleague used Remove-WebBinding -name “WebAppTitle” with the intention to remove only the binding for the specified web application name, but Remove-WebBinding seems to remove all IIS bindings, including the Default Webapplication, Central Administration and SharePoint Web Services!

Fixed the procedure by first getting the bindings before removing them: Get-WebBinding -name “WebAppTitle” | Remove-WebBinding. Anyways, the code below recreates the bindings for the “SharePoint Web Services” webapplication:

# Recreate web bindings for the SharePoint 2013 webservice webapp "SharePoint Web Services"
# Victor Vogelpoel Feb 2013

$webappName = "SharePoint Web Services"

if (!(Get-WebBinding -name $webappName -protocol "https" -port 32844))
{
  New-WebBinding -name $webappName  -ip "*" -port 32844 -protocol "https"
}

# Bind SharePoint's own "SharePoint Services" certificate to the webbinding for HTTPS 32844
$b = Get-WebBinding -name $webappName -protocol "https" -port 32844
if ($b)
{
  $cert = get-childitem cert:\\localmachine\sharepoint | where { $_.subject -match "^CN=SharePoint Services" }
  if (!$cert)
  {
    throw "Cannot find `"SharePoint Services`" certificate in SharePoint certificate store"
  }

  [void]$b.AddSslCertificate($cert.ThumbPrint, "SharePoint")
}
else
{
  throw "Cannot find webbinding"
}

if (!(Get-WebBinding -name $webappName -protocol "http" -port 32843))
{
  New-WebBinding -name $webappName  -ip "*" -port 32843 -protocol "http"
}

Author: Victor Vogelpoel

Dad, SharePoint technical specialist, PowerShell architect, photographer and just a guy whose life happens while trying planning it.

10 thoughts on “PowerShell: Recreate “SharePoint Web Services” web application bindings”

Leave a comment

Arash Aghajani
February 24, 2014 at 10:41

Thanks Victor, You saved my time! 🙂

Reply
- Victor Vogelpoel
  February 24, 2014 at 10:47
  
  You’re very welcome!
  
  Reply
Roderick Claassen
August 19, 2015 at 00:15

Hi Victor, it’s a small world 🙂 This saved my day after almost giving up after a long and frustrating night. Thank you! – Your old colleague Roderick

Reply
- Victor Vogelpoel
  August 19, 2015 at 08:11
  
  Hey Roderick, glad that it helped you!
  
  Reply
Harald
March 1, 2016 at 14:49

Thank you very much for this tip!
By mistake I assigned an SSL certificate to the 32844 binding and could not put it back into original state via IIS Manager. Your script saved me!

Reply
Nick
March 18, 2016 at 16:43

Thanks! Was messing around in my TEST environment and needed to reset this. Saved me the hassle!

Reply
Bijomon
October 26, 2016 at 12:16

Can we configure SharePoint Web Services only with https binding without http

Reply
- Victor Vogelpoel
  October 26, 2016 at 12:28
  
  I believe the 32843 and 32844 ports are for INTRA farm communication between the services on SharePoint servers and I wouldn’t touch that!
  They don’t need to be accessible from outside the farm and you could use Windows Firewall to disallow any access to these ports from any other servers than the SharePoint farm servers.
  For more information see https://blogs.msdn.microsoft.com/uksharepoint/2013/01/21/sharepoint-2013-ports-proxies-and-protocols-an-overview-of-farm-communications/ and https://technet.microsoft.com/en-us/library/cc262849.aspx?f=255&MSPPError=-2147217396.
  
  Reply
Sagar
December 7, 2017 at 22:23

Hello Victor,

Somehow in our SharePoint 2013 environment on the server where we have Search Admin Component provisioned, on that server we see that for port 32844 a different certificate has been applied. The certificate which is currently applied on port 32844 on that server is named as WMSvc-Servername.

I have currently an issue with Search 2013 where I’m not able to access content source page and even when I click on the Administration page, I’m getting an error

An operation failed because the following certificate has validation errors: Subject Name: CN=WMSvc-XXXXXX Issuer Name: CN=WMSvc-XXXXXXXXX Thumbprint: XXXXXXXXXXXXXXXXXXXXXXXXXXXX Errors: SSL policy errors have been encountered. Error code ‘0x6’..

Application error when access /_admin/search/listcontentsources.aspx, Error=The remote certificate is invalid according to the validation procedure.

I suspect this is due to the certificate which is bind on port 32844 on Admin component. I just want to know, using your script, will only update the certificate bind for port 32844 on the server where I run this command or it will also make changes to any other server in the farm.

Other server in our farm have the correct certificate bind to the port 32844 which is SharePoint Services certificate.

Reply
Victor Vogelpoel
December 8, 2017 at 12:42

The script repairs IIS bindings on a local machine for the two (farm intra communication) ports, thus not for all machines in an farm. The “SharePoint Services” certificates are SharePoint private and I suppose SharePoint created these while installing. The script finds the “SharePoint Services” certificates in the machines Certificate Store and rebinds them to the IIS binding.

Reply

Leave a Reply to Nick Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Google account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Connecting to %s

%d bloggers like this: