0

Long story short, I have a website on a IIS server in which SSL stopped working. Removing and adding the SSL cert did not resolve the issue. I found this blog and verified I had the same problem.

Below is the command output proving I had a ghost certificate (because of the zero guid):

httpcfg query ssl
<SNIP/>
IP                      : 10.10.20.50:443
Hash                    :
Guid                    : {00000000-0000-0000-0000-000000000000}
CertStoreName           : (null)
CertCheckMode           : 0
RevocationFreshnessTime : 0
UrlRetrievalTimeout     : 0
SslCtlIdentifier        : (null)
SslCtlStoreName         : (null)
Flags                   : 0
------------------------------------------------------------------------------

Unfortunately, the solution provided did not solve the problem.

C:\Documents and Settings\justindearing>httpcfg delete ssl -i 10.10.20.50:443
HttpDeleteServiceConfiguration completed with 1019.

HttpDeleteServiceConfiguration is a windows API, Error code 1019 is ERROR_NO_LOG_SPACE or “System could not allocate the required space in a registry log.”

The server had 200 megs free on the C driver. I of course realize this is a problem. It is a dev server and not properly monitored. Lets put aside the fact that the server should have never gotten that low on disk space.

Even after freeing up 200 more megs I kept getting the error. I doubt freeing up a gig will solve this problem. What can I do to further diagnose this error?

On a final note, this is a dev server and all the ssl certificates are self signed. At the moment I worked around the issue by adding another IP to the server and binding a new virtual host and ssl cert to that.

Justin Dearing
  • 1,037
  • 12
  • 33

2 Answers2

0

The solution was to reboot and then I was able to delete the certificate.

Justin Dearing
  • 1,037
  • 12
  • 33
0

Here are some questions and things to try:

  • After you ran the httpcfg delete ssl, did you confirm that it deleted the cert?
  • I assume that you created the cert again on the server? Does it appear correctly with the httpcfg query ssl now?
  • It's possible that the certificate store got messed up when the available space was even lower, and it doesn't realize that the disk space has been resolved yet. If the problem persists, be sure to restart relevant services (I'm not sure all that would be involved) or just give it a reboot. Then reimport the certs.
  • Test with a self signed cert to see if that works. That will tell you if it's the cert or the cert store.
  • Try process monitor from www.sysinternals.com when registering the cert (or wherever it's failing) and track what it's doing on disk.
Scott Forsyth
  • 16,449
  • 3
  • 37
  • 56
  • It did not delete the cert. I've tried to delete the cert after freeing up disk space etc. I've done everything but reboot the server. I tried restarting IIS. I will try restarting the ssl service and rebooting the service when I get permission to. Regarding your suggestion with process monitor, are you suggesting that I monitor just httpcfg? Is there a way to keep around that processes info after the process dies? I will have to play around with it. – Justin Dearing Nov 22 '09 at 00:29
  • Also this is a dev box, and all the certs are self signed. – Justin Dearing Nov 22 '09 at 00:34
  • I can't tell if you've deleted the cert and started again. You may have to do that since he cert itself appears to be messed up. With process monitor, either get the PID just before filtering it, or filter by the process name and not the PID since, you're right, the process info changes with each recycle. It won't drop anything from a capture though until you clear the capture data. – Scott Forsyth Nov 22 '09 at 16:19