[SOLVED] Unable to connect to WSE 2016

[Jeff Drew]

I built a new machine and installed Win 10 Pro. I started with my MSN account and then used the http://server/connect method to connect the machine. It seemed to work though it required two tries. the first time it complained it couldn't establish trust. the second time it successfully joined the domain and showed up in the dashboard. However the launchpad shows the server is offline. The Shared Files link works and I am able to log in with my domain account. I have attached the logs from C:\ProgramData\Microsoft\Windows Server\Logs. If anyone has seen this or has any ideas I would be grateful.

 

[Jeff Drew]

Since this is a new build I can wipe it and start over. I have done so twice so far trying to get it to connect. The first time I set it up for personal use with a PIN. The second time I joined the domain and this time I started with the PIN again. I tried the Regedit fix to prevent domain joining, but that didn't seem to have any impact. This is a Gigabyte Brix GB-BRR7H-4800 with Ryzen 7 4800U. It has 16GB Crucial memory and Samsung 980 500GB m.2 stick.

 

[Jeff Drew]

I tried uninstalling, deleting the windows server folder and removing the scheduled tasks and then reinstalling. I get the computer unable to establish a trust relationship with the server, check the date and time and try again error. When i reboot and try again from the domain account it appears to work, but the launchpad can't connect. Could there be an issue with the server certificate?

 

[Jeff Drew]

I am becoming more convinced the issue is certificate related. I had to renew my certificate to get the dashboard to work in January. This is the first machine I have added since I renewed the certificate. I noticed I didn't have automatic rebind of renewed certificates set in IIS. I do now. I am going to try to renew the certificate again and see what happens.

 

[Jeff Drew]

OK. That didn't help. I remain suspicious that the certificate is part of the problem. The error stating the computer can't establish a trust relationship is what worries me.

 

[xilolee]

Hi!

"The trust relationship between this workstation and the primary domain failed" error when you log in to Windows 7 - Microsoft Support

 

[Jeff Drew]

I tried the above link. I removed the machine from the domain, put it back in and logged in with my domain account. Logging in with the domain account has not been the issue. The issue is that the connector can't log into the WSE 2016 server, so I don't get monitoring or backup. There appears to be a difference between the domain and how the connector logs in. That is obvious I guess, since it is not necessary to be a member of the domain to connect.

 

[Jeff Drew]

Ok, I finally looked at the event log and found that it is a certificate issue on the server.
Application: WseClientSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: Microsoft.WindowsServerSolutions.Certificates.CertificatesException
at Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProductConfiguratorBase._SetClientCert(System.ServiceModel.Security.X509CertificateInitiatorClientCredential)
at Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProductConfiguratorBase._ConfigureChannelFactory[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ServiceModel.ChannelFactory`1<System.__Canon>, Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderEndpointBehaviorAttribute, System.Net.NetworkCredential)
at Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProductConfiguratorBase.ConfigureChannelFactory[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ServiceModel.ChannelFactory`1<System.__Canon>, Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderEndpointBehaviorAttribute, System.Net.NetworkCredential)

Exception Info: Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderException
at Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProductConfiguratorBase.ConfigureChannelFactory[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ServiceModel.ChannelFactory`1<System.__Canon>, Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderEndpointBehaviorAttribute, System.Net.NetworkCredential)
at Microsoft.WindowsServerSolutions.Common.ProviderFramework.Internal.ProviderFrameworkConfigurator.GetDuplexChannelFactory[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Collections.Generic.ICollection`1<System.ServiceModel.Description.IEndpointBehavior>, Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderInfo, System.Object, System.Net.NetworkCredential)
at Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderRegistryClient.GetDuplexChannelFactory[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderInfo, System.Object, System.Net.NetworkCredential)
at Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderRegistryClient.CreateWithCallback[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderInfo, System.Object, System.Net.NetworkCredential)
at Microsoft.WindowsServerSolutions.Common.ProviderFramework.internal.ConnectorInternals.AsyncConnector`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Connect(Microsoft.WindowsServerSolutions.Common.ProviderFramework.internal.ConnectorInternals.ProviderConnectionInfo)
at Microsoft.WindowsServerSolutions.Common.ProviderFramework.internal.ConnectorInternals.ConnectionCanceller`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Connect(Microsoft.WindowsServerSolutions.Common.ProviderFramework.internal.ConnectorInternals.ProviderConnectionInfo)
at Microsoft.WindowsServerSolutions.Common.ProviderFramework.GarbageCollectedTimer+CallbackClass.Callback(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.TimerQueueTimer.CallCallback()
at System.Threading.TimerQueueTimer.Fire()
at System.Threading.TimerQueue.FireNextTimers()

does anyone know how to troubleshoot certificates? I had to renew the server certificate in January to get the dashboard working again. I seem to have broken the certificates for WSE when i fixed the dashboard.

 

[xilolee]

Check if you have installed all updates in your new machine, especially .net framework updates (and it's last version).

If it is already totally updated, try to disable and re-enable the .net framework.
(control panel, programs and features, uninstall a program, turn windows features on or off)

Verify if you need to enable .net framework previous versions, or just enable them.

 

[Jeff Drew]

i verified that the .net framework is the latest. I tried disabling the latest and enabling older versions and now i get
System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

I still think it is a server certificate problem. It couldn't download the CAB. Complete log files attached. Anyone know how to fix server certificates?

 

[xilolee]

But you enabled both versions?

 

[Jeff Drew]

I disabled both versions and tried to get the connect to install 4.5. No joy. I then reenabled both and ensured they were updated. I was able to get some happiness by joining the domain first. I see the failure is occurring on the certificate for the IP address. I screwed up the SSL certificates when I installed a Blazor site and have not been able to get the IP address working on https since. i can get the server name and localhost working but not the IP and FQDN. I really think it is the SSL certificate. I have it configured wrong and need help fixing it.

 

[Jeff Drew]

My attempts to fix the SSL certificates have only made things worse. Now I am getting a bunch of Event 15021 errors - An error occurred while using SSL configuration for endpoint 0.0.0.0:443. The error status code is contained within the returned data.
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

- <System>

<Provider Name="Microsoft-Windows-HttpEvent" Guid="{7b6bc78c-898b-4170-bbf8-1a469ea43fc5}" EventSourceName="HTTP" />

<EventID Qualifiers="49152">15021</EventID>

<Version>0</Version>

<Level>2</Level>

<Task>0</Task>

<Opcode>0</Opcode>

<Keywords>0x80000000000000</Keywords>

<TimeCreated SystemTime="2023-02-25T06:45:55.146111600Z" />

<EventRecordID>1406305</EventRecordID>

<Correlation />

<Execution ProcessID="4" ThreadID="180240" />

<Channel>System</Channel>

<Computer>DREWServer1.DREW.local</Computer>

<Security />

</System>

- <EventData>

<Data Name="DeviceObject" />

<Data Name="Endpoint">0.0.0.0:443</Data>

<Binary>000004000200300000000000AD3A00C00000000000000000000000000000000000000000000000005F0000C0</Binary>

</EventData>

</Event>

I really need to resolve the SSL issues first then if the Win 10 machine still won't connect I will try things on it. Anyone know SSL certificates?

 

[Jeff Drew]

OK, it was indeed a certificate issue. And it was so bad it couldn't be fixed. I upgraded to Server 2022 and everything is working fine. Thank you for the help, it led me to the real problem. Sadly, because it was trashed, I upgraded on a new disk, so the domain is gone and I have to re-setup all the users. 2 down and one to go.