Readiness check fails on Application Tier with the error, “Cannot create a binding on port ‘XXX’ because the specified certificate could not be found. Select a different certificate and then re-run the readiness checks”

TFS 2015 Update 2 gives the option of editing the Site bindings on IIS as part of the configuration itself. This way, when you upgrade/restore TFS, you get an option to change the various settings such as port, virtual directory.

Recently, we came across a unique issue with a customer where TFS 2015.2.1 was configured with SSL. Due to an unforeseen circumstance, the server had crashed and the customer was trying to restore TFS back to its former glory. But they faced an issue at the Application Tier only wizard ‘Readiness Checks’

“Cannot create a binding on port xxx because the specified certificate could not be found. Select a different certificate and then re-run the readiness checks”

This was preventing the configuration to pass. But we do have an option to fix this.
Going back to the Application Tier option on the left, you will notice a ‘Edit Site Settings’

Clicking on it gives several options, to select the right SSL certificate or remove the binding altogether.

Now, we store the certificate hash in our config database which means TFS will want the same certificate.
If you have the same certificate, you could import it and select it there.

If you do not have the original certificate, you could remove the binding for now, re-configure TFS, then manually add the binding back. Newly created certificate will have a new hash that will mismatch the content stored in the tables, so you can also go back and re-select the new certificate to ‘update’ the settings.

That’s it! You could re-run the readiness checks and bring back TFS online!

Cheers!

Content: Manigandan Balachandran
Review: Chandra Sekhar Viswanadha