All Answers
By default (and by Microsoft’s design), the configuration wizard will setup the server as a primary domain controller if an AD domain does not already exist on the server. However, if the server is already set up as a domain controller, then the configuration wizard should recognize that and just configure Windows Server Essentials on the server accordingly (without messing about with the existing domain configuration). For more info on that see:
Deploy Windows Server Essentials in an existing Active Directory environment
Thus, you “should” be fine to run the configuration wizard on your existing DC. That being said… Microsoft designed the behavior of the configuration wizard (not me), and so I make no guarantees whatsoever that your existing domain configuration will remain completely untouched. Just make sure that you have a working backup of your server before you proceed as a just in case.
- Mike answered 2 years ago
Client computers that are connected to your Essentials server (i.e. those computers on which you’ve installed the Windows Server Essentials Connector software – whether they’re joined to the domain or simply connected via Microsoft’s SkipDomainJoin connection method) will not appear within the WSE RemoteApp Launcher window.
That being said… You can have your connected client computers appear within WSE RemoteApp’s RADC web feed as described in the following article:
Adding Desktops To The RADC Web Feed
Also, for a bit more information on WSE RemoteApp’s RADC web feed feature see:
Connecting From Mac / iOS / Android / Windows Computers and Devices
EDIT: Although… If you would like your client computers added to the WSE RemoteApp Launcher, then you can always just publish RDP files (or shortcuts to the RDP files), which initiate a standard Remote Desktop connection to the client computers (i.e. the same RDP files that you would download when you attempt to connect to the client computers from within the “Devices” section of the Essentials server’s Remote Web Access website at https://YourDomainPrefix.remotewebaccess.com/remote, etc.). The only real caveat to doing it that way (as opposed to using the RADC web feed) is that the remote session initiated with the client computer from the RDP file that’s published within the WSE RemoteApp Launcher window would be a nested session. This is exactly what WSE RemoteApp’s “Publish server desktop” task does when it publishes the server desktop for you.
- Mike answered 2 years ago
- last active 2 years ago
Thank you, as always, for your thorough responses, Mike.
I have done this so many times over the years, so I had followed almost all of the instructions you resent. (That’s what I had in the screenshots I was unable to upload.) The one piece I’d forgotten was to actually Enable the RADC Web Feed. SMH
I’m all set!
Best regards,
Edgar T.
- mia2wa answered 2 years ago
I’ve never personally used any TLD other than “.com” and so I can’t really say for sure, but I expect that the “.top” TLD that you’re wanting to use isn’t supported by Windows Server Essentials.
Doing a quick Internet search brings me to this Microsoft document, which seems to suggest that only .com, .net, .org, and .edu are supported “generic” TLDs in Windows Server Essentials. I’d need to delve into the source code to know for sure though.
- Mike answered 2 years ago
- last active 2 years ago
Thank you Mike for the reply.
I finally had to purchase a new domain name compatible with Windows Essentials.
I have another question regarding the custom domain name procedure.
I followed your procedure because it is the best described alternative when remotewebaccess.com is no longer available to set up. I’m in the process to install a clean WS 2012 R2 server with Essentials Experience. I managed to get it up and running, but in your procedure for Let’s Encrypt Certificate and Certify The Web, it’s preferable to use your PowerShell script to to allow the native tools built into Essentials to configure the SSL certificate properly.
Since I’m installing a WS 2012 R2 server, I’m not and can’t use your PowerShell script. So, would you be so kind to tell me what I have to do manually every time the certificate get’s renewed?
Thanks
- Francois Boucher answered 2 years ago
- last active 2 years ago
Unfortunately, Microsoft hasn’t added the more secure security ciphers, that our webserver host requires, to the older (and now defunct/unsupported) versions of Windows Server (e.g. 2011, 2012, and 2012 R2). Therefore, the older versions of our WHS/WSE RemoteApp and WSE WorkFolders add-ins are no longer available (seeing as they cannot securely reach out to our webserver any longer).
Windows Server Essentials natively configures the newly installed SSL certificate in multiple places on the Essentials server (besides in just the RD Gateway). All our PowerShell script does is write the newly installed SSL cert’s thumbprint to the Windows Registry, which in turn, then alerts our WSE RemoteApp and WSE WorkFolders add-ins to run the native methods in Windows Server Essentials in order to properly configure the new SSL cert for use in Windows Server Essentials (similar to what happens when you first “configure”, or “repair”, Anywhere Access via the server Dashboard).
The PowerShell script itself doesn’t do anything much per se. Rather, there’s code in our add-ins that call the appropriate native methods within Windows Server Essentials in order to properly install/setup/configure the SSL cert on the Essentials server. You’d need to be able to write a WSS add-in, and know all of the appropriate native methods to call in order to replicate that functionality, and that’s not something that can be done with a simple PowerShell script I’m afraid.
I’ve been thinking about adding that same functionality to the WSEE Installer itself so that folks who don’t want to install our ad-ins can still properly configure a custom/vanity domain name in Windows Server Essentials using certify the web, but (I haven’t gotten around to doing that as of yet, and) that would only apply to Windows Server 2019/2022/2025 and so it still wouldn’t help you with 2012 R2 I’m afraid.
I strongly suggest that you move up to using (at least) Window Server 2016 Essentials, rather than relying on the older (and now fully unsupported by Microsoft) Windows Server 2012 R2 Essentials, but if that’s not an option for you, then the best that you’ll be able to do is to set up certify the web to install the SSL cert into the RD Gateway for you as Mariëtte Knap describes over here.
- Mike answered 2 years ago
- last active 2 years ago
Thanks, I unfortunately have to stick with WS 2012 R2 for a while longer. I’ll adjust my setup per Mariëtte Knap and hope for the best.
- Francois Boucher answered 2 years ago
- last active 2 years ago
The remotewebaccess.com Microsoft personalized domain name feature in Windows server Essentials has been broken for more than two months now. Microsoft is aware of the issue, but doesn’t seem willing/able to correct it in a timely manner. I STRONGLY suggest that folks set up a custom/vanity domain name instead in order to avoid these frequent (and lengthy) interruptions. We have a step-by-step guide that walks you through doing just that over here:
How To Manually Set Up A Custom / Vanity Domain Name In Windows Server Essentials
- Mike answered 2 years ago
- last active 2 years ago
Thank you for your help. I am good with following instructions, but I am only an intermediate user. So the issue here is that I am encountering an issue with Certify the Web GoDaddy API. Please look at the screenshot below.
Is there any alternative to GoDaddy that offer all-in-one solution to small customers like me (domain host, Dynamic DNS and API)?
Thank you.
![](\Users\admin\Desktop\Sans titre.png")
- mikmik_16 answered 2 years ago
Well that’s just sad…
GoDaddy TOTALLY SUCKS!!!
I sure am getting sick and tired of GoDaddy‘s silly antics (they recently raised the cost of their domain renewals by more than 100% as well). Guess that I can no longer recommend them. I’ll go ahead and update my how-to article and remove all references to GoDaddy from it just as soon as I can.
In the mean time… If you haven’t already purchased your custom/vanity domain, then I suggest purchasing it from a more reasonable domain registrar like Namecheap instead. They offer a free dynamic DNS update service and client, and a free domain privacy service with all of their domains.
Otherwise, if you already have your custom/vanity domain hosted by GoDaddy, then for the dynamic DNS updates (i.e. if your ISP doesn’t offer you a static IP address for your WAN), just use the FreeDNS or Duck DNS dynamic DNS service and update client that’s mentioned within my how-to article. They both work really well and are free of charge.
As for using Certify the web to obtain a free Let’s Encrypt SSL certificate… If your ISP isn’t blocking the standard HTTP port (i.e. TCP port 80), and you’re not planning on using a wildcard SSL cert, then go ahead and use http-01 domain validation instead. It’s simple to set up, works well, and doesn’t require a separate DNS API provider (such as GoDaddy, etc.).
Otherwise, you will most likely need to use the “Update DNS Manually” method for your dns-01 domain validation by manually creating the required ‘TXT’ record in the DNS zone of your GoDaddy domain (which doesn’t require the GoDaddy DNS API, but will require you to manually update the TXT record for every renewal of your SSL cert; i.e. every 90 days).
Other than that… You’d need to choose a different DNS API provider, that’s supported by Certify the web, and then set your nameservers in GoDaddy to point over to your new DNS provider (which is easy to do from the DNS section of your GoDaddy dashboard).
Sorry for the hassle on this one.
EDIT #1: It looks like using ACME-DNS as your DNS API provider in Certify the web is definitely the way to go here. To do so, just follow the simple instructions provided here. I’ve just tested this dns-01 validation method out on one of my own GoDaddy hosted domains (using a wildcard Let’s Encrypt SSL cert) and it worked perfectly (using the default trusted acme-dns server). I’ll go ahead and update my how-to article with this method instead.
EDIT #2: Okay, my how-to article has been updated now. Enjoy!
EDIT #3: I’ve now transferred all of my domains (including TheOfficeMaven.com) from GoDaddy over to Namecheap. I can’t believe how much better (and less expensive) Namecheap is. After more than 20 years of being with them, I now say good riddance to GoDaddy!
- Mike answered 2 years ago
- last active 2 years ago
Thank you for all your help. :- ) I’ll try the configuration again with these instructions.
- mikmik_16 answered 2 years ago
- last active 2 years ago
Alas, I’m not seeing any such behavior over here. All of our Windows 11 client computers show up just fine (and are shown as online when they are) within the server Dashboard.
Have you tried setting the preferred IPv4 DNS server address in the network adapter settings/options, and the .NET Framework security settings, on them (and then reboot) as I mention under the 8/25/2019 bullet point over here?
Other than that, about all I can tell you is to try doing an Internet search to see if you can locate others who may have encountered a similar issue (and provided a resolution).
- Mike answered 2 years ago
- last active 2 years ago
I’ve never personally used any TLD other than “.com” and so I can’t really say for sure, but I expect that the “.uk” TLD that you’re wanting to use isn’t supported by Windows Server Essentials.
Doing a quick Internet search brings me to this Microsoft document, which seems to suggest that only .com, .net, .org, and .edu are supported “generic” TLDs in Windows Server Essentials. I doubt that there’s any way around that, but I’d need to delve into the source code to know for sure though.
EDIT: Although this section of the same Microsoft document seems to suggest that the “.co.uk” country-code TLD is supported (but not just “.uk”).
- Mike answered 2 years ago
- last active 2 years ago
I’ve managed to figure out how to use a “.uk” TLD when setting up a new custom/vanity domain name in Anywhere Access (and it sure wasn’t easy). I’ll be releasing updated versions of each of my software products later this week that implement the fix (i.e. that will allow folks to manually set up a new domain name in Anywhere Access when using a “.uk” top level domain). I’ll update this post just as soon as the updates are available for download.
EDIT: Okay, the updated versions of the WSEE Installer, WSE RemoteApp, and WSE WorkFolders with support for “.uk” and “.top” TLDs have been released.
NOTE: Essentials already includes support for a large number of TLDs, but if anyone happens to come across one that doesn’t work, then just let us know and we can add support for it (on-the-fly).
- Mike answered 2 years ago
- last active 2 years ago
I’ve managed to figure out how to use a “.top” TLD when setting up a new custom/vanity domain name in Anywhere Access (and it sure wasn’t easy). I’ll be releasing updated versions of each of my software products later this week that implement the fix (i.e. that will allow folks to manually set up a new domain name in Anywhere Access when using a “.top” top level domain). Unfortunately, the fix is only for use under Windows Server 2016 or greater I’m afraid.
- Mike answered 2 years ago
- last active 2 years ago
You can open up the Event Viewer applet on your server and go to:
Windows Logs -> Application
In there you should see the error listed under the “EssentialsRoleSetupUpdater” event source.
Feel free to post back here with the specific error if you need further clarification on it.
- Mike answered 2 years ago
Hi Mike, here’s the copy/paste of the error.
From what i read, i have done the update just as user, not via right-click “Run as Admin” option. so should it be run again as ‘right-click Admin’ or only the command as shown below?
Log Name: Application
Source: EssentialsRoleSetupUpdater
Date: 7-6-2024 17:33:01
Event ID: 0
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Domain.MOOK.local
Description:
Error occurred while attempting to grant built-in Administrators account full control access permissions to:
C:\Program Files\Windows Server\Bin\WebApps\CertWebService\CertWebService.svc
System.TimeoutException
Command execution timed out:
takeown.exe /F “C:\Program Files\Windows Server\Bin\WebApps\CertWebService\CertWebService.svc” /A
Event Xml:
<Event xmlns=”http://schemas.microsoft.com/win/2004/08/events/event”>
<System>
<Provider Name=”EssentialsRoleSetupUpdater” />
<EventID Qualifiers=”0″>0</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime=”2024-06-07T15:33:01.9066434Z” />
<EventRecordID>180887</EventRecordID>
<Correlation />
<Execution ProcessID=”0″ ThreadID=”0″ />
<Channel>Application</Channel>
<Computer>Domain.MOOK.local</Computer>
<Security />
</System>
<EventData>
<Data>Error occurred while attempting to grant built-in Administrators account full control access permissions to:
C:\Program Files\Windows Server\Bin\WebApps\CertWebService\CertWebService.svc
System.TimeoutException
Command execution timed out:
takeown.exe /F “C:\Program Files\Windows Server\Bin\WebApps\CertWebService\CertWebService.svc” /A</Data>
</EventData>
</Event>
- MOHdennisNL answered 2 years ago
I can tell you that Opening a Command Prompt (Admin) and running:
wbadmin delete catalog
will probably fix Windows Server Essentials Management Service not running. I have a brand new 2019 server and a brand new WSEE install. Everything was perfect until I configured server backup. Then the Users disappeared because Management Services wasn’t running. I have no idea what happened but I used the command above that I found at the link you posted and that got the service running. I then configured backup again and this time there was no issue. I have no idea why. So although you will probably lose old backups, at least the command should get you running again.
- ArtinNC answered 2 years ago
I’ve personally never come across a situation like this before, but I do know that the Windows Server Essentials Management Service can be really finicky about the specific disks that are installed/being used. Over the years, I’ve seen all kinds of issues being reported by various folks stating that the service won’t start or stay running due to the particular disks or disk configuration that they were using (RAID arrays, size of the disks, type of SSD, drivers, etc., etc.). I have no idea why things are so touchy in this area for some folks, but not for others. Guess that’s just one of the quarks that we all have to live with when using Essentials I’m afraid.
Thanks ArtinNC for your tip about deleting the Windows Backup catalog in order to resolve the service not starting/running issue. I haven’t come across that one before, but will definitely add it to my book of tricks. ;- )
- Mike answered 2 years ago
Thanks ArtinNC and Mike for the replies. Here’s my result.
First I tried
wbadmin GET VERSIONS
and I saw that I had one very old backup copy which targeted the missing disk. Thinking myself quite clever, I deleted that one backup with
wbadmin DELETE BACKUP -version:xx/xx/xxxx-xxxx.
After I did this, the Windows Server Essentials Management Service started.
I patted myself heartily on the back and prepared the champagne flutes.
However, I saw that the Windows Server Backup MMC still would not load. I put the flutes away and remembered that actually, I don’t drink.
I attempted to re-setup Server Backup through the WSEE Dashboard Wizard.
This process did not succeed, it crashed the Dashboard app, and once again caused the WSE Management Service to fail to start.
I eventually capitulated and ran
wbadmin delete catalog
After this, all services were able to start, the Windows Server Backup MMC loaded right up, and I was able to reconfigure backups… sadly while reformatting my backup disks in order to use them, thus wiping my historical backups. Let ye be warned… Windows Server Backup, she is a harsh mistress.
- KurtH answered 2 years ago
