Failed to enumerate SSL bindings
In PowerShell, when I attempted to enumerate SSL bindings, I was getting the error message:
Failed to enumerate SSL bindings, error code 234.
This is sometimes due to misconfiguration of the SSL certificate bindings in
the registry, under
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HTTP\Parameters\SslBindingInfo
.
This controls the SSL certificate bindings; either all of the entries in here
must have a value named SslCertStoreName
, or none of them must.
One of my colleagues found this answer on this MSDN forum, but that’s kinda hard to read.
With PowerShell:
# Find those entries which are missing the 'SslCertStoreName' property:
# Note, that, for some reason, this includes the `[::1]:443` entry, even if it's not broken,
# which means that we can't easily script the fix.
$brokenBindings = dir HKLM:\SYSTEM\CurrentControlSet\services\HTTP\Parameters\SslBindingInfo |
where { !(Get-ItemProperty -Path $_.PSPath -Name SslCertStoreName) }
# Output the certificate thumbprint for the broken ones:
$brokenBindings | % {
$hashBytes = (Get-ItemProperty -Path $_.PSPath -Name SslCertHash).SslCertHash
$hashString = [BitConverter]::ToString($hashBytes).Replace('-', '')
Write-Output ("{0} -- {1}" -f $_.Name, $hashString)
}