Home
%3CLINGO-SUB%20id%3D%22lingo-sub-376396%22%20slang%3D%22en-US%22%3ESSL%20Bindings%20are%20randomly%20getting%20deleted%20for%20a%20website%20with%20error%20%22SSL%20Certificate%20Settings%20deleted%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-376396%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSTRONG%3E%3CEM%3E%3CU%3ESymptoms%3C%2FU%3E%3C%2FEM%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAre%20you%20getting%20into%20a%20scenario%20wherein%20randomly%20your%20Website%20loses%20or%20changes%20the%20SSL%20certificate%20bindings%20from%20within%20the%20IIS%20manager%3F%20And%20you%20realize%20it%20only%20when%20users%20complain%20that%20they%20are%20unable%20to%20reach%20the%20HTTPS%20site%2C%20or%20that%20they%20get%20a%20certificate%20warning.%20They%20are%20able%20to%20access%20the%20website%20over%20HTTP%20but%20not%20over%20HTTPS%20because%20the%20certificate%20binding%20is%20lost%20for%20the%20website%2C%20or%20they%20may%20be%20prompted%20that%20the%20certificate%20is%20expired%2C%20or%20the%20site%20name%20is%20incorrect.%20At%20this%20point%20of%20time%20you%20also%20notice%20that%20System%20Event%20log%20entry%20shows%20the%20following%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ELog%20Name%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20System%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3ESource%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Microsoft-Windows-HttpEvent%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3EDate%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%203%2F31%2F2010%202%3A43%3A28%20PM%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3EEvent%20ID%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%2015300%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3ETask%20Category%3A%20None%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3ELevel%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Warning%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3EKeywords%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Classic%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3EUser%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20N%2FA%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3EComputer%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20myMachine%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3EDescription%3A%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3ESSL%20Certificate%20Settings%20deleted%20for%20Port%20%3A%200.0.0.0%3A443%20.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIf%20you%20go%20to%20the%20IIS%20manager%20and%20check%20the%20bindings%20for%20the%20Website%20in%20question%20you%20will%20see%20either%20the%20certificate%20binding%20is%20lost%20or%20some%20other%20certificate%20is%20listed.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EYou%20can%20also%20crosscheck%20the%20registry%20entry%20below%20for%20your%20IP%2FPort%20binding%20associated%20with%20your%20website%20and%20you%20may%20find%20it%20deleted.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHKLM%5CSystem%5CCurrentControlSet%5CSERVICES%5CHTTP%5CParameters%5CSslBindingInfo%5CX.X.X.X%3A443%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHere%20is%20how%20it%20looks%20if%20you%20have%20the%20proper%20binding%20set%20at%20the%20http.sys%20level%20in%20the%20Registry.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20target%3D%22_blank%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fmsdnshared.blob.core.windows.net%2Fmedia%2FTNBlogsFS%2FBlogFileStorage%2Fblogs_msdn%2Fsaurabh_singh%2FWindowsLiveWriter%2FSSLBindingsaregetting.X443intheeventlogs_11031%2Fclip_image002_bc6d0fff-c97d-476f-b83a-aab194a0763b.gif%22%20border%3D%220%22%20alt%3D%22clip_image002%22%20title%3D%22clip_image002%22%20width%3D%22220%22%20height%3D%22205%22%20%2F%3E%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ENote%3A%26nbsp%3B%20Should%20the%20certificate%20be%20changed%2C%20the%20binding%20will%20look%20the%20same.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CEM%3E%3CSTRONG%3E%3CU%3EAssessment%3C%2FU%3E%3C%2FSTRONG%3E%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIf%20you%20are%20experiencing%20the%20above%20problem%20it%20could%20be%20related%20to%20the%20following%20%3CCUSTOMMETADATA%3E%20tag%20in%20your%20ApplicationHost.config.%3C%2FCUSTOMMETADATA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%221%22%3E%3CKEY%20path%3D%22%26quot%3BLM%2FW3SVC%2FX%26quot%3B%22%3E%3C%2FKEY%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%221%22%3E%3CPROPERTY%20id%3D%22%26quot%3B%26lt%3BSTRONG%22%3E5506%22%20dataType%3D%22Binary%22%20userType%3D%221%22%20attributes%3D%22None%22%20value%3D%22oXiHOzFAMOF0YxIuI7soWvDFEzg%3D%22%20%2F%26gt%3B%3C%2FPROPERTY%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%221%22%3E%3C%2FFONT%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CP%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20above%20property%20is%20used%20to%20store%20a%20SSL%20certificate%20hash.%20It%20is%20specifically%20the%20ID%205506%20entry%20you%20need%20to%20check%20for.%20That%20ID%20is%20the%20legacy%20property%20for%20certificate%20hash.%20Whenever%20any%20application%2Fservice%20which%20depends%20upon%20the%20ABO%20mapper%20runs%2Fstarts%2C%20it%20tries%20to%20initialize%20the%20ABO%20tree%20structure%20which%20includes%20generating%20custom%20nodes%20and%20properties.%20During%20this%20process%20it%20reads%20from%20this%20custom%20metadata%20section%20and%20tries%20to%20map%20the%20properties%20in%20the%20ABO%20tree%20structure.%20During%20mapping%20it%20deletes%20the%20current%20SSL%20mapping(s)%20at%20the%20http.sys%20level%20and%20recreates%20a%20new%20one%20using%20the%20above%20hash%20value.%20If%20this%20value%20is%20invalid%20for%20some%20reason%20it%20fails%20to%20add%20the%20new%20entry%20for%20SSL%20binding%20at%20the%20http.sys%20level.%20So%20in%20such%20a%20case%20the%20above%20registry%20key%20does%20not%20have%20an%20entry%20for%20the%20website%E2%80%99s%20IP%3APort%20combination%20corresponding%20to%20the%20SSL%20setting%20in%20the%20UI%20like%20below%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20target%3D%22_blank%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fmsdnshared.blob.core.windows.net%2Fmedia%2FTNBlogsFS%2FBlogFileStorage%2Fblogs_msdn%2Fsaurabh_singh%2FWindowsLiveWriter%2FSSLBindingsaregetting.X443intheeventlogs_11031%2Fclip_image004_2aaa6f1c-2f1f-4f8b-b5c3-3105e4a23041.gif%22%20border%3D%220%22%20alt%3D%22clip_image004%22%20title%3D%22clip_image004%22%20width%3D%22468%22%20height%3D%22190%22%20%2F%3E%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CU%3E%3CSTRONG%3E%3CEM%3ECall%20stack%20output%3C%2FEM%3E%3C%2FSTRONG%3E%3C%2FU%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIf%20you%20use%20the%20Debugging%20Tools%20for%20Windows%20and%20the%20Microsoft%20symbol%20server%20to%20attach%20to%20the%20process%20Inetinfo.exe%2C%20you%20will%20notice%20a%20call%20stack%20that%20resembles%20the%20following%20below%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3Eabocomp!UpdateSSLProperty%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3Eabocomp!SITE_CUSTOM_PROVIDER%3A%3AMapSetData%2B0x371%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3Eabocomp!ABO_NODE%3A%3AMapSetData%2B0xd9%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3Eabocomp!ABO_NODE%3A%3ASetData%2B0xbd%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3Eabocomp!ABO_TREE%3A%3ASetCustomProperty%2B0x34a%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3Eabocomp!ABO_TREE%3A%3AGenerateCustomNodesAndProperties%2B0x1ad%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3Eabocomp!ABO_TREE%3A%3AGenerateTree%2B0x28d%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3Eabocomp!ABO_WRAPPER%3A%3AInitializeTreeAndState%2B0xad%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3Eabocomp!ABO_WRAPPER%3A%3AGetCurrentAboTree%2B0xc7%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3Eabocomp!ABO_WRAPPER%3A%3AOpenKey%2B0x154%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3ECOADMIN!CADMCOMW%3A%3AOpenKeyHelper%2B0x172%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3ECOADMIN!CADMCOMW%3A%3AOpenKey%2B0x53%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3ERPCRT4!Invoke%2B0x65%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3ERPCRT4!NdrStubCall2%2B0x348%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3ERPCRT4!CStdStubBuffer_Invoke%2B0x9a%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3Eole32!SyncStubInvoke%2B0x5d%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3Eole32!StubInvoke%2B0xdf%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3Eole32!CCtxComChnl%3A%3AContextInvoke%2B0x19f%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3Eole32!AppInvoke%2B0xc2%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3Eole32!ComInvokeWithLockAndIPID%2B0x407%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3Eole32!ThreadInvoke%2B0x1f0%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3ERPCRT4!DispatchToStubInCNoAvrf%2B0x14%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3ERPCRT4!RPC_INTERFACE%3A%3ADispatchToStubWorker%2B0x100%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3ERPCRT4!RPC_INTERFACE%3A%3ADispatchToStub%2B0x62%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3ERPCRT4!RPC_INTERFACE%3A%3ADispatchToStubWithObject%2B0x5b%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3ERPCRT4!LRPC_SCALL%3A%3ADispatchRequest%2B0x436%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3ERPCRT4!LRPC_SCALL%3A%3AHandleRequest%2B0x200%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3ERPCRT4!LRPC_ADDRESS%3A%3AProcessIO%2B0x44a%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3ERPCRT4!LOADABLE_TRANSPORT%3A%3AProcessIOEvents%2B0x24a%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3ERPCRT4!ProcessIOEventsWrapper%2B0x9%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3ERPCRT4!BaseCachedThreadRoutine%2B0x94%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3ERPCRT4!ThreadStartRoutine%2B0x24%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3Ekernel32!BaseThreadInitThunk%2B0xd%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3Entdll!RtlUserThreadStart%2B0x1d%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20break%20into%20the%20function%20which%20calls%20into%20the%20HTTP.sys%20at%20the%20kernel%20mode%20to%20delete%20the%20SslBindingInfo%20Registry%20key.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CEM%3E%3CSTRONG%3E%3CU%3ESteps%20to%20reproduce%3C%2FU%3E%3C%2FSTRONG%3E%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20can%20reproduce%20this%20issue%20at%20will%20by%20adding%20the%20following%20under%20%3CCUSTOMMETADATA%3E%20section%20of%20your%20applicationhost.config%20file%3C%2FCUSTOMMETADATA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CKEY%20path%3D%22%26quot%3BLM%2FW3SVC%2FX%26quot%3B%22%3E%3C%2FKEY%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CPROPERTY%20id%3D%22%26quot%3B5506%26quot%3B%22%20datatype%3D%22%26quot%3BBinary%26quot%3B%22%20usertype%3D%22%26quot%3B1%26quot%3B%22%20attributes%3D%22%26quot%3BNone%26quot%3B%22%20value%3D%22%26quot%3BoXiHOzFAMOF0YxIuI7soWvDFEzg%3D%26quot%3B%22%3E%3C%2FPROPERTY%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3Eand%20then%20launching%20any%20application%20which%20requires%20ABO%20Mapper%2C%20for%20e.g.%20launching%20Inetmgr6.exe%20or%20enumerating%20using%20ADSUTIL%20VBscript.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CU%3E%3CSTRONG%3E%3CEM%3EResolution%3C%2FEM%3E%3C%2FSTRONG%3E%3C%2FU%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThis%20property%20is%20a%20legacy%20feature%20from%20IIS%206%20days%20and%20ported%20onto%20IIS%207%2B.%20If%20we%20have%20correctly%20added%20the%20certificate%20in%20the%20IIS%20manager%20this%20specific%20property%20with%20id%205506%20is%20not%20needed.%20Search%20for%20the%20above%20entry%20in%20your%20ApplicationHost.config%20file%20and%20remove%20the%20property%20in%20case%20you%20are%20seeing%20the%20above%20issue.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EPS%3A%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FSTRONG%3EI%20have%20got%20the%20above%20issue%2Fresolution%20recently%20documented%20as%20a%20fast-publish%20KB%20article%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22http%3A%2F%2Fsupport.microsoft.com%2Fkb%2F2025598%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3E2025598%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAuthor%3A%26nbsp%3B%3CA%20class%3D%22url%20fn%20n%20profile-usercard-hover%22%20href%3D%22https%3A%2F%2Fsocial.msdn.microsoft.com%2Fprofile%2FSaur212%22%20data-profile-userid%3D%22785f44bb2b3d4e2bad234fa529cba3dd%22%20data-profile-rendered%3D%22true%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3ESaur212%3C%2FA%3E%3C%2FP%3E
Microsoft

Symptoms

 

Are you getting into a scenario wherein randomly your Website loses or changes the SSL certificate bindings from within the IIS manager? And you realize it only when users complain that they are unable to reach the HTTPS site, or that they get a certificate warning. They are able to access the website over HTTP but not over HTTPS because the certificate binding is lost for the website, or they may be prompted that the certificate is expired, or the site name is incorrect. At this point of time you also notice that System Event log entry shows the following:

 

Log Name:      System 
Source:        Microsoft-Windows-HttpEvent 
Date:          3/31/2010 2:43:28 PM 
Event ID:      15300 
Task Category: None 
Level:         Warning 
Keywords:      Classic 
User:          N/A 
Computer:      myMachine 
Description: 
SSL Certificate Settings deleted for Port : 0.0.0.0:443 .

 

If you go to the IIS manager and check the bindings for the Website in question you will see either the certificate binding is lost or some other certificate is listed.

 

You can also crosscheck the registry entry below for your IP/Port binding associated with your website and you may find it deleted.

 

HKLM\System\CurrentControlSet\SERVICES\HTTP\Parameters\SslBindingInfo\X.X.X.X:443

 

Here is how it looks if you have the proper binding set at the http.sys level in the Registry.

 

clip_image002

 

Note:  Should the certificate be changed, the binding will look the same.

 

Assessment

 

If you are experiencing the above problem it could be related to the following <customMetadata> tag in your ApplicationHost.config.

 

<key path="LM/W3SVC/X">

 

<property id="5506" dataType="Binary" userType="1" attributes="None" value="oXiHOzFAMOF0YxIuI7soWvDFEzg=" />

 

</key>

 

The above property is used to store a SSL certificate hash. It is specifically the ID 5506 entry you need to check for. That ID is the legacy property for certificate hash. Whenever any application/service which depends upon the ABO mapper runs/starts, it tries to initialize the ABO tree structure which includes generating custom nodes and properties. During this process it reads from this custom metadata section and tries to map the properties in the ABO tree structure. During mapping it deletes the current SSL mapping(s) at the http.sys level and recreates a new one using the above hash value. If this value is invalid for some reason it fails to add the new entry for SSL binding at the http.sys level. So in such a case the above registry key does not have an entry for the website’s IP:Port combination corresponding to the SSL setting in the UI like below:

 

clip_image004

 

Call stack output

 

If you use the Debugging Tools for Windows and the Microsoft symbol server to attach to the process Inetinfo.exe, you will notice a call stack that resembles the following below:

 

abocomp!UpdateSSLProperty 
abocomp!SITE_CUSTOM_PROVIDER::MapSetData+0x371 
abocomp!ABO_NODE::MapSetData+0xd9 
abocomp!ABO_NODE::SetData+0xbd 
abocomp!ABO_TREE::SetCustomProperty+0x34a 
abocomp!ABO_TREE::GenerateCustomNodesAndProperties+0x1ad 
abocomp!ABO_TREE::GenerateTree+0x28d 
abocomp!ABO_WRAPPER::InitializeTreeAndState+0xad 
abocomp!ABO_WRAPPER::GetCurrentAboTree+0xc7 
abocomp!ABO_WRAPPER::OpenKey+0x154 
COADMIN!CADMCOMW::OpenKeyHelper+0x172 
COADMIN!CADMCOMW::OpenKey+0x53 
RPCRT4!Invoke+0x65 
RPCRT4!NdrStubCall2+0x348 
RPCRT4!CStdStubBuffer_Invoke+0x9a 
ole32!SyncStubInvoke+0x5d 
ole32!StubInvoke+0xdf 
ole32!CCtxComChnl::ContextInvoke+0x19f 
ole32!AppInvoke+0xc2 
ole32!ComInvokeWithLockAndIPID+0x407 
ole32!ThreadInvoke+0x1f0 
RPCRT4!DispatchToStubInCNoAvrf+0x14 
RPCRT4!RPC_INTERFACE::DispatchToStubWorker+0x100 
RPCRT4!RPC_INTERFACE::DispatchToStub+0x62 
RPCRT4!RPC_INTERFACE::DispatchToStubWithObject+0x5b 
RPCRT4!LRPC_SCALL::DispatchRequest+0x436 
RPCRT4!LRPC_SCALL::HandleRequest+0x200 
RPCRT4!LRPC_ADDRESS::ProcessIO+0x44a 
RPCRT4!LOADABLE_TRANSPORT::ProcessIOEvents+0x24a 
RPCRT4!ProcessIOEventsWrapper+0x9 
RPCRT4!BaseCachedThreadRoutine+0x94 
RPCRT4!ThreadStartRoutine+0x24 
kernel32!BaseThreadInitThunk+0xd 
ntdll!RtlUserThreadStart+0x1d

 

We break into the function which calls into the HTTP.sys at the kernel mode to delete the SslBindingInfo Registry key.

 

Steps to reproduce

 

We can reproduce this issue at will by adding the following under <CustomMetadata> section of your applicationhost.config file

 

<key path="LM/W3SVC/X">

 

<property id="5506" dataType="Binary" userType="1" attributes="None" value="oXiHOzFAMOF0YxIuI7soWvDFEzg=" />

 

</key>

 

and then launching any application which requires ABO Mapper, for e.g. launching Inetmgr6.exe or enumerating using ADSUTIL VBscript.

 

Resolution

 

This property is a legacy feature from IIS 6 days and ported onto IIS 7+. If we have correctly added the certificate in the IIS manager this specific property with id 5506 is not needed. Search for the above entry in your ApplicationHost.config file and remove the property in case you are seeing the above issue.

 

PS: I have got the above issue/resolution recently documented as a fast-publish KB article 2025598.

 

Author: Saur212