
"Failed to enumerate SSL bindings" error code 234

Does anybody know how to resolve this issue?

Replicate when you type the following command in PowerShell.

dir iis:\sslbindings

I have come across this page on Microsoft TechNet which doesn't address the problem.

Edit

When invoking the command I get the error

failed to enumerate SSL bindings

Apparently due to a corrupted registry?

Dr Schizo asked Feb 18 '14 16:02


2 Answers

In my case, I got the error when I had both SslCertStoreName and DefaultSslCtlStoreName in the registry. I deleted DefaultSslCtlStoreName and the error was gone for a while. For some reason, DefaultSslCtlStoreName was created in the registry again, and I got the error again. So I wrote a simple PowerShell script that deletes it.

This is the part from my build script.

function CleanupSslBindings() 
{
    # Each subkey under this key is one SSL binding entry
    $sslBindingsPath = 'hklm:\SYSTEM\CurrentControlSet\services\HTTP\Parameters\SslBindingInfo\'
    # @() keeps the result an array, so .Count is reliable when only one subkey matches
    $registryItems = @(Get-ChildItem -Path $sslBindingsPath |
        Where-Object -FilterScript { $_.Property -contains 'DefaultSslCtlStoreName' })

    If ($registryItems.Count -gt 0) {
        ForEach ($item in $registryItems) {
            # Remove only the DefaultSslCtlStoreName value; the binding subkey itself stays
            $item | Remove-ItemProperty -Name DefaultSslCtlStoreName
            Write-Host "Deleted DefaultSslCtlStoreName in " $item.Name
        }
    } Else {
        Write-Host "No DefaultSslCtlStoreName found. The SSL Bindings registry is clean."
    }
}
Andrew Chaa answered Sep 21 '22 12:09


In my case, I had built WCF services hosted as Windows services. When I did this, I apparently didn't know (and still don't) how to assign things like appids (noticeable when you run netsh http show sslcert), and other items that crop up... including an item related to this error.

Essentially, I read the same page the OP did: https://social.technet.microsoft.com/Forums/windowsserver/en-US/87b1252d-a6a0-4251-bbb6-38e104a8c07a/enumerating-iissslbindings-gives-failure-on-one-machine-works-on-another?forum=winserverpowershell

...and using regedit, went to the key: HKLM\System\Currentcontrolset\services\http\parameters\sslbindinginfo

I saw all the same entries I see when I do the netsh command above. However, my WCF services are listed first, followed by my IIS sites. None of my WCF services had the SSLCertStoreName key (only the IIS sites had the key). Following the article's explanation that the first entry needs to have that registry key (this is a bug in my opinion), I performed the following PowerShell commands:

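# The IIS: drive is provided by the WebAdministration module
Import-Module WebAdministration

Try
{
    # -ErrorAction Stop makes an enumeration failure terminating, so Catch runs
    Get-ChildItem IIS:\SslBindings -ErrorAction Stop
}
Catch
{
    # Add SslCertStoreName to the first SslBindingInfo entry, then retry the listing
    $1stentry = Get-ChildItem HKLM:\SYSTEM\CurrentControlSet\services\HTTP\Parameters\SslBindingInfo | Select-Object -First 1
    $1stentry | New-ItemProperty -Name "SslCertStoreName" -Value "MY"
    Get-ChildItem IIS:\SslBindings
}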

This code works for me. And that article helped get me here and understand that my root cause of this 234 error code is an assumed self-inflicted wound by not installing my WCF services correctly. YMMV. Hope this helps.

Bewc answered Sep 20 '22 12:09
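
A read-only check for the two conditions the answers above describe (a DefaultSslCtlStoreName value on an entry, and an entry, in particular the first one, with no SslCertStoreName value), as an added example that is not from either answer. The function name Get-SslBindingInfoReport and its output columns are made up for illustration; the registry key and value names are the ones quoted on this page.

```powershell
# Added example: reports on the SslBindingInfo entries and changes nothing.
function Get-SslBindingInfoReport {
    [CmdletBinding()]
    param(
        # Key named in both answers; pass another path to inspect a test copy.
        [string]$Path = 'HKLM:\SYSTEM\CurrentControlSet\services\HTTP\Parameters\SslBindingInfo'
    )

    $index = 0
    # @() keeps a single subkey an array. The order here is the order
    # that Select-Object -First 1 in the second answer relies on.
    foreach ($key in @(Get-ChildItem -Path $Path -ErrorAction Stop)) {
        $names = @($key.GetValueNames())

        # Flag the conditions the two answers associate with error 234.
        $flag = ''
        if ($names -contains 'DefaultSslCtlStoreName') {
            $flag = 'DefaultSslCtlStoreName present'
        }
        elseif ($names -notcontains 'SslCertStoreName') {
            if ($index -eq 0) { $flag = 'first entry lacks SslCertStoreName' }
            else              { $flag = 'no SslCertStoreName' }
        }

        [pscustomobject]@{
            Order            = $index
            Binding          = $key.PSChildName
            SslCertStoreName = $key.GetValue('SslCertStoreName')
            Flag             = $flag
        }
        $index++
    }
}

# List every entry; rows with a non-empty Flag are the ones to look at first.
Get-SslBindingInfoReport | Format-Table -AutoSize
```

Running it before and after either cleanup script shows which entries were changed, and running it again later shows whether DefaultSslCtlStoreName has been recreated.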