TLS error WSE 2012
Hi, Mike I wrote your e-mail twice, but there was no answer.
We have a problem with checking license status. Your plugin get SSL/TLS error, could you fix it?
==
Your plugin have integrated license status check on your server on every step. I don’t understand why you decide to do this, but now it interferes our work.Please fix the problem as soon is possible!
==
*Screenshots are in attachment.
- Emulty asked 3 years ago
- You must log in to post comments.
My apologies, but I don’t recall receiving any emails on this subject recently. Did you send them via the support page of this website?
I’m also not seeing any issues with the license validation checks in WSE RemoteApp 2012, and to date, no one else is reporting a similar issue that I am currently aware of. Unfortunately, I am not able to read any of those error messages seeing as they are not in English. However, it does appear that there is a trust issue going on with the SSL/TLS installation on your Essentials server.
Since this is an older Windows Server 2012 Essentials installation, I assume that WSE RemoteApp 2012 was working on it previously. If so, then do you recall making any changes to the server that might have caused the issue to appear (such as installing Windows Updates, disabling TLS 1.0, and/or enabling TLS 1.2 on the server)?
I just double checked a fully up-to-date installation of Windows Server 2012 Essentials here that’s running WSE RemoteApp 2012 Version 1.255.1904.0, and everything is working just fine for me.
Have you tried restarting the server just to see if that happens to shake things loose for you?
Other than that, can you try the following and see if it helps you out any:
1. Open the server Dashboard and go to the “WSE REMOTEAPP” page.
2. Click on the “Remote Desktop Session Settings” task, and then click on the “Security” subtab of the window that opens.
3. Check the “Setup IIS for SSL perfect forward secrecy and TLS 1.2” checkbox, click the “Save” button, and restart the server when you are prompted to do so.
Does that help any?
- Mike answered 3 years ago
- You must log in to post comments.
I’m getting this same error on a 2016 datacenter edition. Happened after the last update I installed for remoteapp. I’ll post some info tomorrow. Tried deleting the certificate key as stated in that microsoft article but that didn’t resolve it.
- Jeremy answered 3 years ago
-
I’m still not seeing this issue on any of our in-house servers (i.e. I cannot reproduce it). Have you tried restarting your server just to see if that happens to shake things loose for you?
-
Had a busy morning so far and have not had a chance to get into this yet. If you are interested we could do a screen share to show you what I have going on.
-
Hey Mike, the error resolved itself somehow after another reboot. I’ll let you know if that changes but the system is working without any warnings or license issues.
-
Sounds good. Thx for letting me know. That’s what I was expecting seeing as in the later releases TLS 1.2 is being enabled, and sometimes that requires a system reboot in order to work properly.
- You must log in to post comments.
I found in logs CAPI2 repetitved record with error ID 36885 and it lead me to this page: https://docs.microsoft.com/en-us/troubleshoot/windows-server/windows-security/ssltls-communication-problems-after-install-kb931125
Problem solved. Anyway many thanks Mike! : )
- Emulty answered 3 years ago
- last edited 3 years ago
- You must log in to post comments.
Interesting! I’ll have to dig into that one and check to see if KB931125 is installed on any of our in house 2012 servers or not. Anyway… I’m glad that you got it resolved now. Thank you for letting everyone know how you managed to resolve the issue. Nice sleuthing!
- Mike answered 3 years ago
- last edited 3 years ago
- You must log in to post comments.
Anywhere Access enabled on server and our accountant department using it everyday.
Still this morning it working, but gave an error message TLS when start session, but all the same connection establish.
Now error disappeared.
- Emulty answered 3 years ago
- You must log in to post comments.
Alas, I’m not sure what else to tell you here other than to make sure that all of the latest Windows Updates are installed on your server. Nothing in WSE RemoteApp 2012 has been touched since way back in March of this year (i.e. nothing has changed over on our end that should have caused this to happen, and we can’t reproduce the issue over here).
Other than that, you will probably need to restore the server from backup back to a point in time when you know things were last working properly (hopefully you have Server Backup enabled!).
Restore or repair your server running Windows Server Essentials
I don’t believe that this has anything to do with WSE RemoteApp per se, but it’s more to do with your server not being able to communicate with our website because it’s not trusting the SSL/TLS connection for whatever reason. Our webserver requires TLS 1.2 communication, and so if it hasn’t been enabled on your server, that could be the issue. Did you try the suggestion that I offered you above about enabling TLS 1.2 on your server? If you can’t (because WSE RemoteApp won’t allow you to proceed), then you can try downloading this .REG file and running it on your server (and then REBOOT) in order to enable it:
DotNetFrameworkTlsSettings.reg
For a bit more info see: Enabling TLS 1.2 On Windows Server Essentials
Sorry that I don’t have a better answer for you on this one.
BTW, out of curiosity, do you have Anywhere Access enabled on your Essentials server? If so, are you able to successfully sign in to the server’s built-in Remote Web Access website (e.g. https://YourHostName.remotewebaccess.com/remote, etc.)?
- Mike answered 3 years ago
- last edited 3 years ago
- You must log in to post comments.
In server log I discovered such records:
WSERemoteApp
Error code 0
System.Net.WebException: Базовое соединение закрыто: Не удалось установить доверительные отношения для защищенного канала SSL/TLS. —> System.Security.Authentication.AuthenticationException: Удаленный сертификат недействителен согласно результатам проверки подлинности.
в System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
в System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
в System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
в System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
в System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
в System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
в System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
в System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
в System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
в System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
в System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
в System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
в System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
в System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
в System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
в System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
в System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
в System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
в System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
в System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
в System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
в System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
в System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
в System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
в System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
в System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
в System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
в System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
в System.Net.ConnectStream.WriteHeaders(Boolean async)
— Конец трассировки внутреннего стека исключений —
в System.Net.WebClient.DownloadDataInternal(Uri address, WebRequest& request)
в System.Net.WebClient.DownloadString(Uri address)
в #=zqaw57GIe7hodl6sAZ1qi6o0n6O16.#=zyhX2Aj6iiNYQS7wV1whSVdk=.#=zoZ1IzvNBisdFvTutVA==()
в #=zlNIAKAsSorSQ5FcgGDXUhGD5HzyV.#=zDXDX3GspHiLm52zCIg==[T](Int32 #=z3LFQUb31ANk2, Int32 #=zYVFX20IQStx6, Func`1 #=zmpQ_VzcJOHUjg1hwlg==)
— Конец трассировка стека из предыдущего расположения, где возникло исключение —
в System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
в #=q2cbU8Ns_6qZpvI0dtw3NXUkV0IKBiYcLXS6V32sYzsE=.#=zjy$qFGsSR8hnmoBOuw==(Exception #=z4C7bZdc=)
в #=q2cbU8Ns_6qZpvI0dtw3NXUkV0IKBiYcLXS6V32sYzsE=.#=zYnzRKppgD0r4LPx1yhFTCW_Eq$xU(Object #=z4C7bZdc=)
в #=q2cbU8Ns_6qZpvI0dtw3NXUkV0IKBiYcLXS6V32sYzsE=.#=zs9SexslixL8452h0qP7FTmY2QfUzw1s4cujC6lCHyr27(MethodBase #=z4C7bZdc=, Boolean #=zp6q2Cu8=)
в #=q2cbU8Ns_6qZpvI0dtw3NXUkV0IKBiYcLXS6V32sYzsE=.#=zsNy4ub0AYiX0mxVFefKmIbJEK5N6(#=q2cbU8Ns_6qZpvI0dtw3NXUkV0IKBiYcLXS6V32sYzsE= #=z4C7bZdc=, #=qQmRRx12M4YUF1Lxv2IQkMQISKgH1MRrRbPytzAFDtjM= #=zp6q2Cu8=)
в #=q2cbU8Ns_6qZpvI0dtw3NXUkV0IKBiYcLXS6V32sYzsE=.#=zpegoskdICIAtPU$B8w6W6eY=()
в #=q2cbU8Ns_6qZpvI0dtw3NXUkV0IKBiYcLXS6V32sYzsE=.#=z92JRzFYrvKeXhOUwwLuSq4wUaegyNAo7PMndDVprhYvZ(Boolean #=z4C7bZdc=)
WSERemoteApp
Error code 0
An error occurred while validating your license!
System.Net.WebException
Базовое соединение закрыто: Не удалось установить доверительные отношения для защищенного канала SSL/TLS.
System.Security.Authentication.AuthenticationException
Удаленный сертификат недействителен согласно результатам проверки подлинности.
Web Exception Status: 9 (TrustFailure)
- Emulty answered 3 years ago
- You must log in to post comments.
I wrote from my e-mail (emulty@yandex.ru). Previously you answered very fast.
I didn’t change any settings on our server last few month. The problem appeared more than a week ago.
Today I completely reinstalled WSE RemoteApp and nothing changes. Now I can’t activate simultaneous connections to server. Tomorrow morning our employees should start working… :'(
I’m ready to provide credentials for you to check anything you need.
- Emulty answered 3 years ago
- You must log in to post comments.