problem: SSL certificate associated with website in IIS changes upon reboot

Sasha wrote:

Hi Folks,

We have a Dell Powervault 745N running Windows 2003 Standard, SP1. We have generated and installed an SSL certificate from RapidSSL (GeoTrust) in IIS and it works OK.

However, upon reboot, when we check the IIS certificate settings in the virtual directory, we can see that IIS is once again using the old machine certificate.

Restarting IIS does not cause the behaviour - only a reboot. I checked the publicly signed CA in the machine's certificate manager and it looks OK. No error messages in the event log either. I can't find any mention of this specific problem on any newsgroups or related websites.

The IIS metabase is working OK otherwise - it does not appear to be corrupt, as other settings I change seem to stay as part of the config.

Weird. Any ideas?

tx, Sasha

Ken wrote:

Can you shut down IIS, and verify in the metabase.xml file that the correct certificate is there? I believe that the SSLCertHash property in the metabase should match the Thumbprint attribute of the certificate in question.

If that's set/saved correctly into the metabase, then something must be changing it on startup. You can enable metabase auditing to help you track that down:
http://www.adopenstatic.com/faq/IISMetabaseAuditing.aspx

Alternatively, if the value is not correct, then perhaps the changes in the IIS Manager are not being persisted to the actual on-disk metabase (only to the in-memory copy), and that's a different problem we need to tackle :-)

Cheers
Ken

Sasha wrote:

Great tips!

I checked the SSLCertHash in the metabase before rebooting and the value in the metabase file matched the value in the SSL certificate. I enabled auditing per your instructions and sure enough, after the reboot, there is a security event logged noting the value has changed. Now that we have confirmed the value is being changed on boot, what is the next step?

Caller PID 2776 does not appear in the process list in Task Manager after the server has completed startup. AFAIK taskcord.exe is the server appliance task coordinator... assuming it handles startup tasks of some sort.

-------------------------------------------------------------------------------------------
Primary User Name:   SYSTEM
Primary User Domain: NT AUTHORITY
Primary Logon ID:    (0x0,0x3E7)
Path:                /LM/W3SVC/6633
Property ID:         5506
Property Name:       SSLCertHash
Old Value:           84 37 c2 d0 61 24 7f 47 67 f7 24 84 b9 1e fe 13 4b a8 a6 66
New Value:           d7 48 f1 ba 6b af 64 27 fc cd 54 2e 0c 4e 59 b9 4b ff 6b 6f
Caller PID:          2776
Caller Image Path:   \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume1\WINDOWS\system32\ServerAppliance\taskcord.exe
Result:              0x0
-------------------------------------------------------------------------------------------

Ken wrote:

Hi,

OK, we seem to be making some progress here. You probably won't see the PID in the process list, as I suspect that this exe runs at startup, does various tasks and then quits when done.

Also, this .exe doesn't appear in standard Win2k3 - only, it seems, in certain Win2k3 builds (such as Storage Server, I suspect). I found some info here that might match taskcord.exe:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/sakSDK/sak_server_appliance_tasks.asp

If you go to the web interface, do you see any tasks defined that might be changing the SSL cert?

Otherwise, if you have a look in the registry under:
HKLM\Software\Microsoft\ServerAppliance\ApplianceManager\ObjectManagers\Microsoft_SA_Task\<MyTaskKey>
(if that key exists), do you see anything incriminating there?

Cheers
Ken

Sasha wrote:

Thanks for the suggestion.

There are no tasks in the web interface (there used to be one listed, but it disappeared after I installed the third-party cert a while back). I took a look in the regkey you suggested and found an entry called "SelfSignCert.SelfSignCert.1" under the ApplianceInitializationTask subkey. I removed it, rebooted, but still have the same issue.

Here is a dump of that Microsoft_SA_Task regkey.

---------------------------------------------------------------------------------------------
Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ServerAppliance\ApplianceManager\ObjectManagers\Microsoft_SA_Task
Class Name: <NO CLASS>
Last Write Time: 1/22/2006 - 10:55 AM
  (default)        REG_SZ     (empty)

(all subkeys below are under the Microsoft_SA_Task key above; Class Name is <NO CLASS> throughout)

Key Name: ...\Microsoft_SA_Task\ApplianceInitializationTask
Last Write Time: 3/14/2006 - 3:27 AM
  CanDisable       REG_DWORD  0
  IsEnabled        REG_DWORD  0x1
  TaskName         REG_SZ     ApplianceInitializationTask
  TaskExecutables  REG_SZ     ServerAppliance.SAGenTask.1 SetDateTime.DateTime.1 SetAlertEmail.AlertEmail.1 ServerAppliance.SAAlertBootTask.1

Key Name: ...\Microsoft_SA_Task\ApplianceShutdownTask
Last Write Time: 1/22/2006 - 10:55 AM
  CanDisable       REG_DWORD  0
  IsEnabled        REG_DWORD  0x1
  TaskExecutables  REG_SZ     ServerAppliance.SAShutdownTask.1
  TaskName         REG_SZ     ApplianceShutdownTask

Key Name: ...\Microsoft_SA_Task\ChangeLanguage
Last Write Time: 1/22/2006 - 10:55 AM
  CanDisable       REG_DWORD  0
  IsEnabled        REG_DWORD  0x1
  TaskExecutables  REG_SZ     ServerAppliance.LocalizationManagerTasks.1
  TaskName         REG_SZ     ChangeLanguage

Key Name: ...\Microsoft_SA_Task\EveryBootTask
Last Write Time: 1/22/2006 - 10:55 AM
  CanDisable       REG_DWORD  0
  IsEnabled        REG_DWORD  0x1
  TaskExecutables  REG_SZ     (empty)
  TaskName         REG_SZ     EveryBootTask

Key Name: ...\Microsoft_SA_Task\FirstBootTask
Last Write Time: 1/22/2006 - 10:55 AM
  CanDisable       REG_DWORD  0
  IsEnabled        REG_DWORD  0x1
  TaskExecutables  REG_SZ     (empty)
  TaskName         REG_SZ     FirstBootTask

Key Name: ...\Microsoft_SA_Task\SecondBootTask
Last Write Time: 1/22/2006 - 10:55 AM
  CanDisable       REG_DWORD  0
  IsEnabled        REG_DWORD  0x1
  TaskExecutables  REG_SZ     (empty)
  TaskName         REG_SZ     SecondBootTask

Key Name: ...\Microsoft_SA_Task\SetAlertEmail
Last Write Time: 1/22/2006 - 10:55 AM
  CanDisable       REG_DWORD  0
  IsEnabled        REG_DWORD  0x1
  TaskExecutables  REG_SZ     SetAlertEmail.AlertEmail.1
  TaskName         REG_SZ     SetAlertEmail

Key Name: ...\Microsoft_SA_Task\SetDateTime
Last Write Time: 1/22/2006 - 10:55 AM
  TaskName         REG_SZ     SetDateTime
  TaskExecutables  REG_SZ     SetDateTime.DateTime.1
  IsEnabled        REG_DWORD  0x1
  CanDisable       REG_DWORD  0

Key Name: ...\Microsoft_SA_Task\SetTimeZone
Last Write Time: 1/22/2006 - 10:55 AM
  TaskName         REG_SZ     SetTimeZone
  TaskExecutables  REG_SZ     SetDateTime.DateTime.1
  IsEnabled        REG_DWORD  0x1
  CanDisable       REG_DWORD  0
---------------------------------------------------------------------------------------------

Sasha wrote:

Scratch my last comment - deleting that entry worked! On reboot, the SSL certificate listed in IIS did not revert.

Thanks kindly, Sasha
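The two checks the thread walks through, as an added worked example that is not part of the thread and not anybody's posted code: Ken's first check (the site's SSLCertHash in the on-disk metabase.xml must equal the thumbprint of the certificate you installed) and the triage of the audit event Sasha posted (which certificate was swapped for which, and by what image). It runs offline against a constructed metabase.xml fragment and a constructed MY-store listing, and assumes that the metabase serialises the binary SSLCertHash property as a contiguous hex string. The two thumbprints are the Old/New values from the audit event above; the subjects attached to them are invented.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample data in the shape of IIS 6's %SystemRoot%\system32\inetsrv\metabase.xml
# (not copied from the thread's server). Assumption: SSLCertHash is stored as a contiguous hex string.
METABASE_XML = """<?xml version="1.0"?>
<configuration xmlns="urn:microsoft-catalog:XML_Metabase_V64_0">
  <MBProperty>
    <IIsWebServer Location="/LM/W3SVC/1" ServerComment="Default Web Site" />
    <IIsWebServer Location="/LM/W3SVC/6633" ServerComment="Appliance admin site"
                  SSLCertHash="8437c2d061247f4767f72484b91efe134ba8a666"
                  SSLStoreName="MY" />
  </MBProperty>
</configuration>
"""

# Constructed view of the machine's MY store (what `certutil -store MY` lists): thumbprint -> subject.
# Thumbprints are the Old/New values from the thread's audit event; the subjects are invented.
CERT_STORE = {
    "8437C2D061247F4767F72484B91EFE134BA8A666": "CN=www.example.com (RapidSSL-issued)",
    "D748F1BA6BAF6427FCCD542E0C4E59B94BFF6B6F": "CN=appliance (self-signed machine cert)",
}

# The metabase audit event from the thread, reduced to the fields reproduced there.
AUDIT_EVENT = r"""Primary User Name: SYSTEM
Primary User Domain: NT AUTHORITY
Primary Logon ID: (0x0,0x3E7)
Path: /LM/W3SVC/6633
Property ID: 5506
Property Name: SSLCertHash
Old Value: 84 37 c2 d0 61 24 7f 47 67 f7 24 84 b9 1e fe 13 4b a8 a6 66
New Value: d7 48 f1 ba 6b af 64 27 fc cd 54 2e 0c 4e 59 b9 4b ff 6b 6f
Caller PID: 2776
Caller Image Path: \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume1\WINDOWS\system32\ServerAppliance\taskcord.exe
Result: 0x0
"""


def normalize_hash(raw):
    """Canonicalise a thumbprint: drop spaces/colons, upper-case, insist on 20 bytes (SHA-1)."""
    hexstr = re.sub(r"[\s:]", "", raw).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", hexstr):
        raise ValueError("not a 20-byte SHA-1 thumbprint: %r" % raw)
    return hexstr


def site_cert_hashes(xml_text):
    """Map each IIsWebServer metabase path to its SSLCertHash; sites without SSL are skipped."""
    bound = {}
    for node in ET.fromstring(xml_text).iter():
        # strip the XML namespace so the match works with or without the xmlns declaration
        if node.tag.split("}")[-1] == "IIsWebServer" and node.get("SSLCertHash"):
            bound[node.get("Location")] = normalize_hash(node.get("SSLCertHash"))
    return bound


def check_binding(xml_text, location, expected_thumbprint, store):
    """Ken's first check: is the site's SSLCertHash the thumbprint of the cert we installed?

    Returns (ok, message); the message names the bound certificate via the store listing."""
    expected = normalize_hash(expected_thumbprint)
    actual = site_cert_hashes(xml_text).get(location)
    if actual is None:
        return False, "%s has no SSLCertHash in the on-disk metabase" % location
    name = store.get(actual, "<thumbprint not present in MY store>")
    if actual == expected:
        return True, "%s is bound to %s" % (location, name)
    return False, "%s is bound to %s, expected %s" % (location, name, store.get(expected, expected))


def parse_audit_event(text):
    """Pull the fields we care about out of a metabase audit event description."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return {
        "path": fields["Path"],
        "property": fields["Property Name"],
        "old": normalize_hash(fields["Old Value"]),
        "new": normalize_hash(fields["New Value"]),
        "caller": fields["Caller Image Path"].rsplit("\\", 1)[-1],  # image name only
    }


def explain_change(event, store):
    """Say which cert was swapped for which, and which image did it, as the audit event records."""
    return "%s on %s changed from %s to %s by %s" % (
        event["property"], event["path"],
        store.get(event["old"], event["old"]), store.get(event["new"], event["new"]),
        event["caller"])


if __name__ == "__main__":
    ok, msg = check_binding(METABASE_XML, "/LM/W3SVC/6633",
                            "84 37 c2 d0 61 24 7f 47 67 f7 24 84 b9 1e fe 13 4b a8 a6 66", CERT_STORE)
    print("before reboot:", "OK" if ok else "MISMATCH", "-", msg)
    print("after reboot: ", explain_change(parse_audit_event(AUDIT_EVENT), CERT_STORE))
```

On the real box you would feed check_binding a copy of metabase.xml taken with IIS stopped (so the in-memory and on-disk copies cannot differ, which is the alternative cause Ken mentions) and the thumbprint read from the certificate's Details tab or from `certutil -store MY`; a mismatch before any reboot points at the persistence problem, a match before and a mismatch after points at whatever the audit event names as the caller.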