You cannot browse to an SSL-secured Office SharePoint Server 2007 site or to the Search Settings page for a Shared Services Provider

Symptoms

You cannot browse a Secure Sockets Layer (SSL)-secured Microsoft Office SharePoint Server 2007 site or to the Search Settings page for a Shared Services Provider (SSP).

Additionally, you receive an error message that resembles the following the Application log on the server in the server farm that is running Office SharePoint Server 2007:

Note This error is logged every minute.

Cause

This issue occurs when the following conditions are true:
  • The server that is running Office SharePoint Server 2007 has the query role in a server farm.
  • The server farm was updated with Microsoft .NET Framework 3.5 Service Pack 1 (SP1).
  • The roles of the query server and the index server are not on the same server in the server farm.
This causes the self-issued certificate that is used by the Office Server Web Services to become corrupted.

Resolution

To resolve this issue, follow these steps:
  1. Stop the Office SharePoint Services Search service. To do this, follow these steps:
    1. Click Start, click Run, type
      cmd
      , and then click OK.
    2. At the command prompt, type
      net stop osearch, and then press ENTER.
    3. Type
      exit
      to exit the command prompt.
  2. Download and install the IIS 6.0 Resource Kit Tools. To obtain the IIS 6.0 Resource Kit Tools, visit the following Microsoft Web site:
  3. On each server in the farm that has Office SharePoint 2007 installed, follow these steps:
    1. Click Start, click Run, type
      cmd
      , and then click OK.
    2. Navigate to the location of the IIS 6.0 Resource Kit Tools (default location is: C:\Program Files\IIS Resources\SelfSSL)
    3. At the command prompt, type
      selfssl /s:951338967 /v:1000, and then press ENTER.


      Notes
      • For 64 bit Server, 951338967 is the default ID of the Office Server Web Services certificate.
      • For 32 bit Server, 1720207907 is the default ID of the Office Server Web Services certificate. You can check the ID of Office Server Web Services from IIS.
      • 1000 is the number of days that the certification will be valid.
      • You need to execute the selfssl command on each MOSS Server in the farm which is running a "Office Server Web Services" site.
      • SharePoint partly uses SSL name resolution in the background between farm servers, which users generally do not need to be aware of.
  4. Start the Office SharePoint Services Search service. To do this, follow these steps:
    1. At the command prompt, type
      net start osearch, and then press ENTER.
    2. Type
      exit
      to exit the command prompt.
  5. Download and install the following update to the .NET Framework 3.5 SP1. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

    959209 An update for the .NET Framework 3.5 Service Pack 1 is available

Status

Microsoft has confirmed that this is a bug in the Microsoft products that are listed in the "Applies to" section.

More Information

For more information about the issues that are associated with the .NET Framework 3.5 Service Pack 1 after you upgrade from the .NET Framework 3.0 Service Pack 1, click the following article number to view the article in the Microsoft Knowledge Base:

958484 List of the breaking issues with the .NET Framework 3.0 Service Pack 1 after you upgrade to the .NET Framework 3.5 Service Pack 1

Properties

Article ID: 962928 - Last Review: Jul 12, 2013 - Revision: 1

Feedback