question

NeedsHelps-1242 avatar image
0 Votes"
NeedsHelps-1242 asked JiaYou-MSFT commented

Windows Server Essentials / Renewin certificate for company.remotewebaccess.com

Hi, first time commenter, thanks for your help in advance!

Please describe the issue in 2-3 sentences. Include what you're trying to accomplish when the issue occurs.

  • I noticed that our server had a warning, that the certificate used for remote web access at company.remotewebaccess.com is expiring within thirty days. I want to renew the certificate, so that the remote web access will remain usable. When I try to re-run the RWA wizard, I can not login in any way and can't continue.

When did it begin and how often does it occur?
- I tried different ways and accounts to configure the remote web access via the essentials dashboard on the server to recreate the current company.remotewebaccess.com as a "new" domain, not to release it first and then re-run). I've also tried to add a totally new companypseudonym.remotewebaccess.com - either way doesn't work

What errors do you see?
- when trying to add a domain, I am prompted to signin to a microsoft account. it does not recognize any of our microsoft accounts, nor a a brand new one microsoft account that is created. I also tried the github login, but that does not go through either.
- Right now when I try yet again, I just get a blank white screen
- 102725-screenshot-2021-06-06-at-203448.png

What's the environment and are there recent changes?
- Windows server essentials 2016. Server has been patched and updated to the latest available via windows updates in the windows server dashboard log, I sometimes see:

GitmeInfrastructure: Failed to download global valid TLDs from the online service: System.Net.WebException: The remote name could not be resolved: 'www.microsoft-sbs-domains.com'

Before that the server gave ddns errors, that it can't connect to microsofts servers I guess. I was able to correct that via these registry settings https://www.askwoody.com/wp-content/uploads/2018/12/RWA-fix.reg_.txt

What have you tried to troubleshoot this?
- Googled my ass off, no alas. I tried turning off Internet Explorer Enhanced Security Configuration, since I figured it might block some sites that are not in the trusted zones (which I have also added, the ones I can find related to o365 logins). Rebooted the server, tried to repair (multiple times).

Posts that I've (at least tried to) read and understood:
- https://social.technet.microsoft.com/Forums/en-US/9419502a-45b1-429b-a750-fdfb743155fb/server-2016-essentials-remote-access-certificate-expired?forum=ws16essentials - I'm trying to solve my problem as suggested here, but I fall short on the Microsoft login
- List item


windows-server-essentials
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

NeedsHelps-1242 avatar image
0 Votes"
NeedsHelps-1242 answered

A few reboots helped to solve the issue with the blank screen with the microsoft sign in.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

NeedsHelps-1242 avatar image
0 Votes"
NeedsHelps-1242 answered

Oh lol, looks like the n+1 boot also fixed the problem, where the server didn't recognize microsoft accounts :facepalm:

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

JiaYou-MSFT avatar image
0 Votes"
JiaYou-MSFT answered GrantDeason-1399 commented

HI @NeedsHelps-1242

Here is similar case with marked answer with another method to renew this certificate. Please try the methods to see if they help.
https://social.technet.microsoft.com/Forums/en-US/9419502a-45b1-429b-a750-fdfb743155fb/server-2016-essentials-remote-access-certificate-expired?forum=ws16essentials

============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

I'm having a very similar (if identical) problem on a Server Essentials 2012 R2 setup, in which I cannot renew the (myhost).remotewebaccess.com certificate and my signon to the Microsoft Live account is failing. I am seeing the same references in my error logs about "The remote name could not be resolved: 'www.microsoft-sbs-domains.com'" each time I attempt this operation.

www.microsoft-sbs-domains.com does not resolve to anything when I try to ping, so this is apparently the problem. How do I get around this inability to contact www.microsoft-sbs-domains.com?

0 Votes 0 ·
JiaYou-MSFT avatar image
0 Votes"
JiaYou-MSFT answered JiaYou-MSFT edited

HI NeedsHelps-1242 and GrantDeason-1399

I discover that one IT friend has solved this issue, please check if below link can help you.

Anywhere Access certificate will expire soon - I can't renew it. - Microsoft Q&A

https://docs.microsoft.com/en-us/answers/questions/423393/anywhere-access-certificate-will-expire-soon-i-can.html

============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

BooBoo-3388 avatar image
0 Votes"
BooBoo-3388 answered JiaYou-MSFT commented

Hi,

OP here, forgot which ms-account I used to ask the original question lol

As I mentioned in my original post, I had fixed the DDNS problem with the registry key. But it did not solve the renewal problem, since the microsoft account problem (at least then).

I was able to succesfully create a certificate for a new remotewebaccess.com sub domain yesterday, but not with the company's microsoft accounts. Just my own personal one.

So, problem averted, but not sure what all played a role, but the reg fixes mentioned in the opening post held biggest relevance. If you have the ddns problems, you need to run those to go forward. The reg fixes are the same ones as mentioned here: https://blogs.msmvps.com/bradley/2021/04/01/essentials-servers-fix-up-to-get-remotewebaccess-renewed/

Even though I had those settings for weeks, I ran into the "this is not a microsoft account" error multiple times yesterday, even with the microsoft account that finally was able to create a new subdomain and thus renew the certificate. And before that, when I posted this question, I just got a blank white popup window, when trying to renew the certificate.

But that was solved with 2-3 reboots of the server, oddly enough.

All I'm left with now, is that since I did not release the previous subdomain, it is now hanging in the remotewebaccess.com DNS pointing to the server with the old subdomain.

· 4
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

And now, looking back I should have released the old subdomain.remotewebaccess.com - but since the timeline was tight, and the project had continued fidgedy, I decided to just create a new one, since the wizard finally accepted any microsoft account I had.

0 Votes 0 ·

HI

Thanks for your reply.

So the new domain name work fine with your WSE 2012 now?

0 Votes 0 ·

WSE 2016, but yes.

after all the hassle I was able to create a new domain, which works now. Certficate renewed and all.

0 Votes 0 ·
Show more comments