Remotewebaccess.com certifikat fornyelse - lang forklaring

More
10 months 3 weeks ago #147 by JudgeFredd
Efter nogle opdatering fra MS fungerer "Anywhere Access" / Remote web access / VPN / RDP ikke længere, hvis man benytter en std. MS adresse, e.g. ditfirmanavn.remotewebaccess.com, funktionen kan ikke repareres, og adressen kan ikke "releases" og genopsætning.

Fejlen skyldes et eller andet med at MS har droppet TLS 1.2, og kan rettes på følgende måde.

Åbn regedit, og opret/tilret følgende:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

Kør herefter nedenstående kommandoer via Powershell (admin tilstand):
New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp" -Name "DefaultSecureProtocols" -Value '0xAA0' -PropertyType DWORD -Force
New-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp" -Name "DefaultSecureProtocols" -Value '0xAA0' -PropertyType DWORD -Force
Powershell kørslen er muligvis kun nødvendig i 2012 R2..

BEMÆRK! Server skal genstartes bagefter, og opsætning/reparation skal foretages på ny, da jeg rettede det startede jeg med at "release" nuværende adresse, og genopsætte den bagefter, og herefter køre reparation, der går noget tid (halv til hel time?) inden det træder helt igennem, det er særligt DNS pegningen på domænet der tager tid. Det er ikke sikkert reparation er nødvendigt, man skal måske bare release, vente 5 minutter, genopsætte, vente noget tid, og så teste igen..

Link til (en af) de originale artikler:
www.askwoody.com/forums/topic/essentials...tewebaccess-renewed/

Uddrag fra denne artikel:
Users/Consultants stated that when they went to run the RWA wizard that the domain service couldn’t be reached and that dynamic dns can’t be updated and that the Microsoft cloud authentication did not succeed because the Microsoft Cloud integration service cannot authenticate with Microsoft cloud.

Solution to this has been found for my Consultant friends in Toronto…
Windows Server Essentials 2016.
Windows Server Essentials 2012R2
It involves a registry edit/reboot on the server to ensure TLS 1.2 is used as I understand it.
From one successful Consultant…
” After the reboot, I believe I hit the “Repair…” button under “Anywhere Access” and it completed. When I refreshed the Health Monitoring, the DDNS error went away.”
The attached TXT file needs to be renamed to .reg and run. Also attached is a PowerShell version that needs to be renamed as well. There is an addition for 2012 non-R2.
Administrator level required. I attach the files only because of the fickleness of the Internet to remember where to find things when you need them most.
I would STRONGLY suggest you actively review the info below and backup the registry or relevant portion at least prior to running the fix.
I found the following articles while doing a search…
This article (once translated from German: thanks EDGE!) better explains the why/when of it all…
sbsland.me/category/computers-and-internet/troubleshooting/
and has the source for the files attached
This one has some trouble-shooting tips…
www.lifewire.com/solving-dns-server-not-...nding-errors-4039966

Please Log in to join the conversation.

Time to create page: 0.450 seconds