Archive | August, 2017

Calling HTTPS on self-hosted C# service using PowerShell gives 404 error

1 Aug


A short post on something that was making me bold. So maybe I save you some hears 😉


Problem (no challenge this time)


You have a Self Hosted C# webservice. This web service is configured to listen to base address

  1. You have created a selfsigned certificate as example below:

New-SelfSignedCertificate -DnsName -NotAfter “2020/01/01” -FriendlyName “Test Cert” -CertStoreLocation Cert:\LocalMachine\My

  1. You added the certificate also to the Trusted Root Certification Authorities on the server. So the cert chain will be valid !


  2. You have configured the binding and listener for example as below: (certhash should be replaced by the hash from the cert above)

netsh http add urlacl url=https://*:8733/Config_Service user=EVERYONE delegate=yes

netsh http add sslcert ipport= certhash=‎aaaaaaaaaaaaaaaaaaaaaa appid={3a1d638b-1b51-482a-dddd-218a589c2e69}

  1. Now on the host it selfs you call the webservice from out your browser as :



    You will get a 404


  2. Now you go to external workstation and open a web browser and go to:


    And succeed! You get the expected results.


  3. Now you open a PowerShell on the server and execute:




    And you will get again the 404 as

    Invoke-RestMethod : The remote server returned an error: (401) Unauthorized.


    If you get this error below you didn’t setup the certificate correctly, see step 1 and 2

    Invoke-RestMethod : The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.


  4. You try the same PowerShell on the external workstation. And it works …..



So local it looks not working …… Hmmmm




It’s very simple, but took me some time to find … Just disable the DisableLoopbackCheck on the server 😉

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\DisableLoopbackCheck = 1 (as dword)

No restart needed.


Hope this helps you,

Michel Kamp