question

0 Votes
ChuckColeman-7418 asked HeinzTempl-7083 published

Anywhere Access certificate will expire soon - I can't renew it.

Hi. I have a Windows Server 2012r2 that has had Anywhere Access for years. I've recently been getting a warning that "The Anywhere Access certificate will expire soon. You must renew the certificate to continue using Anywhere Access." I have spent days researching this and the recommended solution is to go to the Setup portion of the Anywhere Access wizard and release the current domain name, i.e. name.remotewebaccess.com. I've tried this multiple times and I continue to get the following: "The domain name was not released. Click close and then try again later. An unknown error occurred. Please wait a few minutes and then try again."

I've tried that multiple times over several days. How do I renew the Anywhere Access certificate?

windows-server-security

Server 2012 R2 Essen. This is the exact error I am getting. My health message started a couple of days ago about my cert. expiring. I tried to release my cert but each time I received the same error message. The first time I tried it, IE popped up with a trust box. I am logging into the same MS live account that I used when I first created the certificate. I also tried to create a new cert. without success. I will watch this thread to see if you have any luck getting this to work.


Hello @ChuckColeman-7418,
Would you please tell me how things are going on your side. If you have any questions or concerns about the post, please don't hesitate to let us know.
Thanks for your time and have a nice day!

Best Regards,
Daisy Zhou

2 Votes
ChuckColeman-7418 answered HeinzTempl-7083 published

SUCCESS! I've fixed the problem on a 2012r2 Essentials and a 2016 Essentials. MichaelJordan-7542 in one of his posts suggested to go here: https://blogs.msmvps.com/bradley/2021/04/01/essentials-servers-fix-up-to-get-remotewebaccess-renewed/

Once there, look for "The attached TXT file needs". Right-click on the word "TXT" and open it in a new tab. Copy the Regedit code. Go to your server and Export the contents of Regedit to a file to back it up. Take the copied code and paste it into a .txt file and save it. Rename the file to your_name.reg and execute it. You will get confirmation it was added. Reboot the server. Once it's up, start up the Dashboard and go to Anywhere Access. I tried the "Repair" option and it fixed a few errors, but not the certificate. Then go to Setup and pick "Use another Domain Name", then "I want to use a domain name I already own". Enter your existing Domain Name. You will have to enter your credentials, let it run and it's fixed!
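
The answer above has you import a .reg file copied from a blog post. As an added example (not from the thread or the linked blog), this PowerShell script lists what such a file would change next to the server's current values, exports the affected keys for rollback, and checks the certificate's expiry once the wizard has run. The file paths are hypothetical, and it assumes the remotewebaccess.com certificate is stored in `Cert:\LocalMachine\My`.

```powershell
# Added example (not from the thread). $RegFile and $BackupDir are hypothetical paths.
param(
    [string]$RegFile   = "$env:USERPROFILE\Desktop\your_name.reg",
    [string]$BackupDir = "$env:USERPROFILE\Desktop\reg-backup"
)

# List every value the .reg file would set or delete, beside what is on the server now.
# Multi-line hex values (continuation lines) are skipped by this simple parser.
function Get-RegFileChange {
    param([string]$Path)
    $key = $null
    foreach ($line in Get-Content -LiteralPath $Path) {
        $line = $line.Trim()
        if ($line -match '^\[(?<del>-?)(?<key>HKEY_[^\]]+)\]$') {
            $key = $Matches['key']
            if ($Matches['del']) {   # "[-HKEY_...]" deletes the whole key
                [pscustomobject]@{ Key = $key; Name = '(entire key)'; Proposed = 'DELETE KEY'; Current = '' }
                $key = $null
            }
        }
        elseif ($key -and $line -match '^(?:"(?<n>[^"]+)"|(?<d>@))=(?<v>.+)$') {
            $name     = if ($Matches['d']) { '(default)' } else { $Matches['n'] }
            $proposed = $Matches['v']
            $item     = Get-ItemProperty -LiteralPath "Registry::$key" -Name $name -ErrorAction SilentlyContinue
            $current  = if ($item) { $item.$name } else { '<not set>' }
            [pscustomobject]@{ Key = $key; Name = $name; Proposed = $proposed; Current = $current }
        }
    }
}

$changes = @(Get-RegFileChange -Path $RegFile)
$changes | Format-Table -AutoSize -Wrap

# Export each affected key that already exists, so the import can be rolled back.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$i = 0
foreach ($k in ($changes.Key | Sort-Object -Unique)) {
    if (Test-Path -LiteralPath "Registry::$k") {
        $i++
        & reg.exe export $k (Join-Path $BackupDir "backup-$i.reg") /y | Out-Null
    }
}

# After the import, reboot and wizard run: confirm the certificate was actually replaced.
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like '*remotewebaccess.com*' } |
    Select-Object Subject, Thumbprint, NotAfter,
        @{ Name = 'DaysLeft'; Expression = { [int]($_.NotAfter - (Get-Date)).TotalDays } }
```

Run it from an elevated prompt before importing the file; rerun only the last pipeline after the wizard completes to compare `NotAfter` and the thumbprint with the old certificate.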


Many Thanks. Fixed on one 2016 server and another due to expire in 3 days. Much appreciated. Jon


thanks so much, nice quick fix and explanation


Worked for me with the regedit. Thanks so much!


This is just awesome! My WSE 2016 denied remote services with an expired cert and none of the solutions worked until I found this one! Thanks for that so much - works perfect as described!

0 Votes
KeithSeda-1188 answered

I can also confirm that the Registry file in this article fixed the problem. On a side note I attempted to simply renew it by "Adding" it again, that failed for some reason. So I released the domain then added it back and that seemed to work. When running the repair it said it was unable to update the IP address but when I did it the release/add way it actually worked even though it still gave the error.
essentials-servers-fix-up-to-get-remotewebaccess-renewed



0 Votes
MichaelJordan-7542 answered

That worked for me as well (regedit fix). Renewed cert. good til July 2022. The only issue is the wizard does not like my router and the UPNP setting. Everything seems to be working.


0 Votes
KeithSeda-1188 answered MichaelJordan-7542 commented

Yeah we have still had no luck. We just had another client call us with this same problem yesterday. So we are only finding more servers with this problem, have yet to successfully renew the certificate on any of them.


I manage a 2012r2 Essentials and a 2016 Essentials. I can't update the certificate on either server.


Take a look at the link I put in the last post concerning a registry change on TLS. I wish I did not have only a production machine to try this on. Let me know what you think.

0 Votes
Chris-9069 answered MichaelJordan-7542 commented

Cool. I did find an article somewhere (I'm sure you found it too) that said that the trick was to follow the flow to add a domain name, and then add the existing one, rather than trying to remove it first. Neither worked for me before the updates reboot. I did not try removing it after the reboot.


Update... No JOY. Tried just about every sequence. Rebooted server after installing this month's updates. Tried to release. I used the original live account. Tried to create a new remotewebaccess.com address. Used a new live account and tried the old account as well. Ran a repair and it displayed two errors: Domain Service can not be reached and the cert. will be expiring soon. The only other thing I found was a regedit file that addresses TLS 1.2. There is a txt file and a powerscript.

essentials-servers-fix-up-to-get-remotewebaccess-renewed


0 Votes
KeithSeda-1188 answered

Wow thanks for the detailed description! I will attempt this directly after a reboot. We scheduled a reboot for the middle of the night then tried again on the following day. We will attempt this after hours and a fresh reboot, thanks again!


0 Votes
Chris-9069 answered Chris-9069 edited

Correct-ish. I should've screenshotted the workflow. It was late. I was excited. :)

I actually was able to do it two different ways which did not include releasing the domain. Both ways renewed the expired .remotewebaccess.com SSL certificate which had already expired.

Method 1 - Selected "use another domain name or domain name service provider". On the next screen I actually selected "I want to use a domain name I already own". I typed in "<mydomain>.remotewebaccess.com" which actually took me to a live.com login, it did its thing and gave me a green checkmark.

At this point the certificate was renewed for another year (new SSL rules - no more 3 yr certs), but I was noticing weirdness, like some deeper pages in the remotewebaccess.com web portal still having certificate errors. I probably had just not waited long enough, but I ran the repair wizard, thinking that might set things straight. It seemed to end up revoking the freshly renewed cert, and leaving things in a bad state. So I tried again.

Method 2 - Went through the config wizard again, and also selected "use another domain name...", but this time I mistyped my domain name by accident. Still took me through live.com login, only this time it actually told me that the domain did not exist on my account, it gave me a list of domains that did exist on my account, then asked if I wanted to use the new one I mistyped, or one of the ones on my account. I selected the one already on my account, it did its thing, gave me another new non-expired, non-revoked cert, I gave it some time, and I was good to go.

It sounds like we may be having different problems. My cert expired 5 days prior (we don't have a lot of remote usage, and I don't pay super-close attention to health status reports). I worked on it for about 2 hours, trying everything in every doc I found. As soon as the server came back up from update and reboot, the wizard started working. It was about 11:30PM CDT (in case traffic load matters coincidentally).

This is for Server 2012 R2 Essentials. The updates that were installed prior to the reboot were:

KB5003220
KB5003165
KB5003209
KB5001393
KB890830
KB4601275
KB5001881

These are all fairly standard updates, but figured it is something to check.

There could also be a theory that the server is busy doing something "Essentials-like" which prevents the restart of remote access (like client backups, client checks/updates via WSUS, etc.) and that behavior gets interrupted with a reboot, so the cert renewal and domain refresh/restart can happen immediately after reboot.

All just theories, but I only had to reboot once with pending update installs to make it work again.


0 Votes
Chris-9069 answered KeithSeda-1188 commented

Hate the tech support answer but I was having the same problem, very stressful. I did all of the suggestions. I had a pending reboot for an update, but I hate the reboots because this is a server, and it does not reboot quickly. I eventually did the reboot and during that time the problem was magically resolved. 2012 Essentials.


We did all updates and rebooted on multiple customer sites and were not able to renew. So you were able to release the domain and then re-add it from server essentials? This is in regards to remotewebaccess.com addresses only.

0 Votes
KeithSeda-1188 answered MichaelJordan-7542 commented

Yeah I saw that post as well, didn't seem to be the issue we are having. He says rebooting allowed him to sign in, it doesn't say he was able to renew it, just that the sign in shows up for him now.


My login screen was never blank. It let me connect to live accounts and enter user name screen and then the password screen. After a few seconds it presented the error screen. I mentioned before that the first time I tried, IE popped up with a trust site window and I just hit the enter key without paying any attention to the site that it was adding to the trust list.

0 Votes
MichaelJordan-7542 answered MichaelJordan-7542 edited

Something similar happened last year when Microsoft lost control of the remotewebaccess.com domain name. If I remember, it took them several days to solve the problem.

Found this online from the last several hours.
windows-server-essentials-renewin-certificate-for.html

