共用方式為


Event ID 1007 — IIS Web Management Service Authentication

Applies To: Windows Server 2008

Clients can connect remotely to the Web Management Service on a Web server in order to administer that server. If connectivity issues occur, the client may not be able to administer the Web server.

Event Details

Product: Internet Information Services
ID: 1007
Source: Microsoft-Windows-IIS-IISManager
Version: 7.0
Symbolic Name: IISWMSVC_STARTUP_UNABLE_TO_READ_CERTIFICATE
Message: Unable to read the certificate with thumbprint '{0}'. Please make sure the SSL certificate exists and that is correctly configured in the Management Service page.

Resolve

Check the Web Management Service (WMSvc) SSL certificate

To resolve this issue:

  • Find the SSL certificate that the Web Management Service is using.
  • Add the certificate snap-in to Microsoft Management Console (MMC).
  • Check that the certificate exists and has valid signature and time properties.

To perform these procedures, you must have membership in Administrators, or you must have been delegated the appropriate authority.

Note: These steps assume that you are logged on directly to the Web server.

Find the SSL certificate that the Web Management Service is using

To find the SSL certificate that the Web Management Service is using:

  1. Click Start, click Control Panel, and then click Administrative Tools.
  2. Right-click Internet Information Services (IIS) Manager and select Run as administrator.
  3. In the Connections pane, select the server that you want to manage.
  4. In Features View, double-click Management Service.
  5. Under SSL certificate ensure that a certificate is selected.
  6. Note the name of the certificate. By default, the name starts with "WMSvc".

Add the Certificate Snap-in to Microsoft Management Console (MMC)

To add the Certificate Snap-in to Microsoft Management Console (MMC):

  1. Click Start, Run, type MMC, and press ENTER.
  2. Click File, Add/Remove Snap-in.
  3. From the list of available snap-ins, select Certficates, then click Add.
  4. When prompted, select the Computer Account option, and click Next.
  5. Select the computer that you want to manage, click Finish, then click OK.
  6. In the MMC, under Console Root, a node called Certificates has been added for the computer that you chose. IIS server certificates are stored here in the Personal directory of the computer certificate store.

Check SSL certificate properties

To check the SSL certificate properties:

  1. In MMC, click Certificates (Local Computer) to expand it. The Personal folder appears underneath.
  2. Expand the Personal folder. A Certificates folder appears under it.
  3. Select the Certificates folder. The certificates on the server appear on the right.
  4. A server certificate should exist that begins with "WMSvc." Double-click it to see its properties.
  5. Click the Details tab. Verify that the certificate has a valid time stamp.
  6. To view the certificate thumbprint, scroll down and select Thumbprint. The thumbprint hash appears in the Window.
  7. Click the Certification Path tab.
  8. Below the Certification Path window, examine the Certificate Status window. If the certificate is valid, the words "This certificate is OK" will appear.
  9. If the certificate has an invalid signature or an invalid time stamp, contact the issuer of the certificate to resolve the signature problem or to obtain a new certificate.

Verify

To perform this procedure, you must have membership in Administrators, or you must have been delegated the appropriate authority.

To verify that the connection between the Web Management Service and your client can authenticate correctly:

  1. Click Start, click Control Panel, and then click Administrative Tools.
  2. Right-click Internet Information Services (IIS) Manager and select Run as administrator.
  3. Under Connection tasks, Click Connect to a server… The Connect to Server dialog box appears.
  4. Under Server name, select the server name to which you want to connect.
  5. Click Next. If the connection was successful, the message "Created a new connection successfully" will appear on the next dialog box page.

IIS Web Management Service Authentication

Internet Information Services (IIS) 7.0