I have a SP2019 web application at https://sp.test.int I need to add an app catalog.
First, I went into Central Admin –> Apps and configured the web app URLs as follows:
App domain: apps.test.int
Next, I created a subdomain in DNS for apps.test.int with a wildcard A record * pointing to the SharePoint server IP. (These sites use Kerberos so, no CNAMES).
After the DNS was complete, created a wildcard SSL cert, *.apps.test.int from my PKI.
After all that it’s time to modify the IIS bindings for sp.test.int.
- Binding 1: HTTPS with an SNI of sp.test.int and an SSL cert: sp.test.int
- Binding 2: HTTPS with no SNI and the SSL Cert of *.apps.test.int
Binding 1 will respond for calls made directly to sp.test.int and Binding 2 will respond to everything else like app-akfj49374.apps.test.int.
So far so good. I’ve setup SharePoint 2013 a dozen times with this exact configuration and it has always worked just fine.
Now, along comes SP2019… This configuration refuses to work. When I add a app to a page, the server responds with a 500 Error, System.ServiceModel.ServiceActivationException when calling /_vti_bin/client.svc
From what the Googles has found, this is an issue caused by a configuration issue when multiple bindings exist on the same IIS listener. One reference suggested to adding an entry in the ISAPI web.config file to allow multiple bindings. Not really my favorite solution as the config files can get refreshed during updates.
My solution was to extend the https://sp.test.int web application to https://apps.test.int. I could have called it anything but I chose https://apps.test.int in hopes of recognizing it in IIS later on as something I should not delete…
Next, remove binding #2 from the first IIS site and configure the same binding to the new IIS site: HTTPS, no SNI and the certificate *.apps.test.int.
The good news, it works great!
The bad news, what if I have a second web application in need of a app catalog? Do I fall back to the old days of adding IP addresses for each web application? Ugh…
My question: Has anyone else experienced these issues or is it just my environment? The use of multiple binding for the IIS site has worked fine until now.
Is this another new ‘feature’ or is it a bug?