After Windows 2019 CU KB5012647, enabling IIS automatic rebind of renewed certificates gets an error

Senior Member

Hello everyone,

after installing the KB5012647 cumulative update on a Windows Server 2019 it seems no longer possible to enable the IIS function "automatic rebind of renewed certificates". I get this error:


Error occurred when trying to register automatic rebinding of certificate.

Details: The process creation has been blocked

 

Screenshot 2022-06-20 013004.jpg

 

Any hint ?

Thank you

Riccardo

3 Replies

@sarchio69 we are experiencing the same issue. Did you find if there was a workaround?

Share two solutions,
1. Open a cmd with admin privileges, run an MMC, and add the IIS-Console Try the same to enable IIS certificate auto-renew. it works for me
2. The IIS certificate auto-renew is a scheduled task under 'Task scheduler-Microsoft-Windows-CertificateServiceClient'. You can create the scheduled task manually.

The fix for this issue for WS2019 was released in the November 2022 patch Tuesday release; however, the fix is behind KIR (Known Issue Rollback) and has to be enabled via Group Policy. In a few months the KIR will be removed and the fix will be enabled by default afterwards.

To enable the fix, you will need to download and install a Group Policy from
https://download.microsoft.com/download/0/4/1/0413f07f-a428-4316-9673-2327c328dc34/Windows%2010%2018....

The below article has information on enabling the GP after it's installed:
https://learn.microsoft.com/en-us/troubleshoot/windows-client/group-policy/use-group-policy-to-deplo...