Installing “Remote Destop Web Access” Role on Windows Server 2012

Recently I was building a demo on Remote Desktop Services and the installation of the role was constantly failing with error 0x800f0922. If you search on Internet, there are all kind of reasons for this error but the one that was corresponding to my situation.

Here are few troubleshooting tips that you can use to explore a similar deployment issue:

Get a log with DISM : To get additional information, use the DISM tool and get a clean log.

  • Go to %windir%\logs\DISM, rename the existing DISM.log file o the name of your choice.
  • Open a command prompt and run the following command :
    Dism /online /enable-feature /featurename:WebAccess
  • After the command fail, open the new DISM.log file and look for your error. It may help you understand what is going on.

Cleanup the database : your component database may be corrupted so this first repair step would be to clean it.

  • Open a command prompt and run the following command :
    Dism /online /Cleanup-Image /RestoreHealth
  • The logs will be in the following locations : %windir%\logs\DISM and %windidr%\logs\cbs
  • Look for any information regarding your problem in the log files.

Verify the configuration of the default website :

  • Verify if you have any SSL certificated bound to your default website. Don’t use the IIS Manager console, it will very likely not show you the reality. Use the following command :
    netsh http show sslcert

  • Check if you any certificates bound to “any address” on port 443. They will appear like that :

    IP:port                      :
    Certificate Hash             : 23cadab1b5e066d126eea139c28459bbf30c6d5c
    Application ID               : {00000000-0000-0000-0000-000000000000}
    Certificate Store Name       : MY
    Verify Client Certificate Revocation : Enabled
    Verify Revocation Using Cached Client Certificate Only : Disabled
    Usage Check                  : Enabled
    Revocation Freshness Time    : 0
    URL Retrieval Timeout        : 10000
    Ctl Identifier               : (null)
    Ctl Store Name               : (null)
    DS Mapper Usage              : Disabled
    Negotiate Client Certificate : Disabled


  • Remove this certificate from the certificate store by using the following command :
    Netsh http delete sslcert ipport=

    Only the certificate bound to any IP on port 443 is supposed to cause the issue.

With this you should be able to re-start your installation of the “Remote Desktop Web Access” Role and complete successfully.

This issue has been logged in our databases and will be considered for a future update of the product.