The user reported that he failed to access the web site with HTTPS protocol with “Page cannot be displayed” error message.
We opened the Site Bindings for the web site in IIS Manager. Then open Edit Site Binding for that https.
After we clicked OK button and did not modify any settings, the user could access the site with HTTPS.
In the next day the user reported this issue occurred again. We noticed that the issue always re-occurred after the server rebooted. In the event log a Schannel error appeared during reboot:
Log Name: System
Event ID: 36870
A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.
The problem was solved by deleting the certificate and then importing it.
After the discussion with the user, we finally realized that the user incorrectly imported the certificate to CurrentUser store and then he used drag-and-drop method in MMC certificate snap-in to move it to LocalComputer store. Then the problem occurred.
This issue can be reproduced.
1. Schannel event logging is very useful. Fortunately the error messages are logged by default.
How to enable Schannel event logging in IIS
2. Do *NOT* use the drag-and-drop method in the MMC Certificate snap-in to move the certificate to the Local Computer store.
See “More Information” section in the following article:
3. Other public blog article also mentions this issue, but it seems to have a different error code:
SSL stops working in IIS7
Xin Jin from APGC DSI Team