If HTTPS fails to start correctly following a server restart, but HTTP does. Try looking at the binding on the website which https is attached to; the act of looking (and clicking ok) will be enough to get https running again temporarily.

But if it fails again on reboot, look at the logs, and in particular for the code 0x8009030d in the Schannel log (found in event viewer/windows logs/system – it’s a source here). If you see this, there’s an issue with the certificate as described here:

http://blogs.msdn.com/b/asiatech/archive/2013/03/25/case-study-ssl-does-not-work-in-iis-7-5-after-server-reboots.aspx

Start up mmc from the command line, and add the certificate manager snap-in. Choose the ‘Computer Account’ option to manage. Find the certificate (often in the personal certificate store), and export it. Include the private key, select the .pfx option, and include all certificates. Give it a password, and save it to a file.

Now select the certificate store within mmc, right click it and choose import. Import the key you just exported, ticking ‘Mark key as exportable’.

Now reboot the server; when it comes back up 0x8009030d error should no longer appear in the logs and http/https should both be running correctly.

 

Archives