Server 2016 Essentials SSL Certificate
I Have a server that I have installed WSE RemoteApp 2016 Standard. It has been working fine until 6/2/2020. Now the clients are receiving a revoked certificate when they try to connect. When I installed the RemoteApp I went through the anywhere access wizard. Everything was working great. What do I need to do to get the certificate fixed? It says the certificate is from GoDaddy. I have contacted them and they want an account number. I did not set up anything through GoDaddy. Thanks for any help.
- GoSABS asked 4 years ago
- You must log in to post comments.
First off… A revoked SSL certificate has nothing whatsoever to do with WSE RemoteApp 2016. If you’re using a Microsoft personalized domain name (e.g. YourHostName.remotewebaccess.com), then all of that stuff is handled by the Anywhere Access/Remote Web Access functionality of Essentials itself (and GoDaddy is indeed the domain registrar and certificate provider that is used by Microsoft, behind the scenes, for their personalized domain names).
That being said… If the SSL certificate for your Microsoft personalized domain name has been revoked (for whatever reason), then you will need to open the server Dashboard, click on “Settings“, go to the “Anywhere Access” tab, and click on the “Repair” button. The Anywhere Access repair wizard will then automatically issue your server a new (and valid) SSL certificate for your Microsoft personalized domain name.
Lastly, please be aware that there was a really nasty bug in Windows Server Essentials that caused the GoDaddy-provided SSL certificates to be automatically revoked on a daily basis. It took Microsoft well over a year to fix the issue, but they finally did so via a Windows Update (i.e. KB4512495). Therefore, you should also make sure that your Essentials server has all of the latest Windows Updates installed on it so that this particular bug isn’t what’s causing the issue of your SSL certificate being revoked.
BTW, here’s how the KB article describes the fix:
Addresses an issue that may cause a new domain certificate to stop working after a day. This issue occurs when you set up the domain using a live account and the virtual private network (VPN) is configured using the Anywhere Access wizard. The error is, "Error 619: A connection to the remote computer could not be established, so the port used for this communication was closed". After more connection attempts, the following error appears, "Link to VPN connection failed. Reconnecting pending ..."
- Mike answered 4 years ago
- last edited 4 years ago
-
I have tried the repair for anywhere access. It said everything was fine. I tried connecting from the client and still got the revoked certificate error. I have looked for KB4512495 in the installed updates. I could not find it. I tried the link above that went to Microsoft. When I tried to download it. The update could not be found. What Should I try next?
- You must log in to post comments.
Open your web browser, go to your server’s built-in Remote Web Access website (e.g. https://yourhostname.remotewebaccess.com/remote), click the lock button/image within the address bar, and view the SSL certificate the website is using. Is the proper certificate being shown, and is it valid (i.e. not showing as revoked or expired when you view it)?
If the proper SSL certificate is being used, but it’s not valid (i.e. if it’s revoked, expired, etc.), then open the server Dashboard, click on “Settings“, click on the “Anywhere Access” tab, click the “Set up…” button, and try setting up your domain name all over again. Just don’t release your current domain name from the server or you’ll lose it. Simply opt to set up a new Microsoft personalized domain name and then once you sign in to your Microsoft account, you’ll be able to select your existing domain name again from the drop-down list provided (i.e. the one that you’re currently using). Hopefully doing that will get you a new SSL certificate issued for the domain name.
As for the Windows Updates… If you run Windows Update on the server and it tells you that it’s fully up-to-date, then I’m sure you’re fine. However, if you want to be sure, then perform a standard Remote Desktop Connection to your server and sign in as an administrator. Then, from the administrator’s desktop open File Explorer, and go to the following folder:
C:\Windows\System32\Essentials
Locate the file named “Wssg.Web.DomainManagerObjectModel.dll“, right-click on it, click on “Properties“, go to the “Details” tab, and check to see if it is version 10.0.14393.3179. If it is, then you have the latest version installed via the Windows Update I mentioned and you’re good to go.
- Mike answered 4 years ago
- last edited 4 years ago
- You must log in to post comments.