Forum Discussion
After Windows 2019 CU KB5012647, enabling IIS automatic rebind of renewed certificates gets an error
Hello everyone,
after installing the KB5012647 cumulative update on a Windows Server 2019 it seems no longer possible to enable the IIS function "automatic rebind of renewed certificates". I get this error:
Error occurred when trying to register automatic rebinding of certificate.
Details: The process creation has been blocked
Any hint?
Thank you
Riccardo
5 Replies
- MattHamrick
Microsoft
The fix for this issue for WS2019 was released in the November 2022 patch Tuesday release (EDIT: and the fix for WS2022 was released in the October 2022 cycle - the same KIR stuff that follows has to be applied on both as of this writing); however, the fix is behind KIR (Known Issue Rollback) and has to be enabled via Group Policy. In a few months the KIR will be removed and the fix will be enabled by default afterwards.
To enable the fix, you will need to download and install a Group Policy from
https://download.microsoft.com/download/0/4/1/0413f07f-a428-4316-9673-2327c328dc34/Windows%2010%201809%20and%20Windows%20Server%202019%20KB5019966%20221129_22351%20Feature%20Preview.msi.
The below article has information on enabling the GP after it's installed:
https://learn.microsoft.com/en-us/troubleshoot/windows-client/group-policy/use-group-policy-to-deploy-known-issue-rollback
- andrewmcn
Copper Contributor
I have this issue today and it wasn't helped by the KIR.
- MattHamrick
Microsoft
I've not heard of any others experiencing the issue after applying the KIR post-patch. Make sure you go through the process again to ensure it's applied correctly. Also, I'm not sure when, but I'm sure it will be auto-applied soon.
- Sven_Gao
Copper Contributor
Share two solutions:
1. Open a cmd with admin privileges, run an MMC, and add the IIS-Console. Try the same to enable IIS certificate auto-renew. It works for me.
2. The IIS certificate auto-renew is a scheduled task under 'Task scheduler-Microsoft-Windows-CertificateServiceClient'. You can create the scheduled task manually.
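A read-only check for whether the scheduled task mentioned in the last reply actually exists after applying the KIR or one of the workarounds, added here as an example (it is not part of the thread and not Microsoft's code). It assumes an elevated PowerShell session on the IIS server; the folder is matched with a wildcard because the thread does not give the exact task name, and the `inetsrv` test is an assumption about where the IIS-created action points.

```powershell
# Added example: lists scheduled tasks in the certificate-services folder of
# Task Scheduler and shows what each one executes. Read-only; changes nothing.

# Assumption: wildcard match on the folder, since the exact folder spelling and
# task name are not confirmed by the thread.
$folder = '\Microsoft\Windows\Certificate*'
$tasks  = Get-ScheduledTask -TaskPath $folder -ErrorAction SilentlyContinue

if (-not $tasks) {
    Write-Warning "No scheduled tasks found under $folder. The rebind task was not registered."
}
else {
    $report = foreach ($task in $tasks) {
        $info = $task | Get-ScheduledTaskInfo

        # Keep only actions that start a program; COM-handler actions have no Execute value.
        foreach ($action in ($task.Actions | Where-Object { $_.Execute })) {
            [pscustomobject]@{
                TaskPath   = $task.TaskPath
                TaskName   = $task.TaskName
                State      = $task.State            # Ready / Disabled / Running
                RunAs      = $task.Principal.UserId
                Execute    = $action.Execute
                Arguments  = $action.Arguments
                LastRun    = $info.LastRunTime
                LastResult = '0x{0:X}' -f $info.LastTaskResult
                # Assumption: the IIS-created action runs a binary from the inetsrv folder.
                LooksLikeIis = [bool]($action.Execute -match 'inetsrv')
            }
        }
    }

    if (-not ($report | Where-Object LooksLikeIis)) {
        Write-Warning 'Tasks exist in the folder, but none of them runs a binary from inetsrv.'
    }

    $report | Sort-Object TaskName | Format-List
}
```

If a manually created task is in place, review `Execute`, `Arguments` and `RunAs` here before relying on it, since that task runs with elevated rights every time a certificate is renewed.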