This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Last year a similar issue occurred and by manually applying the registry edits from these two threads most seemed to resolve their issues:
The problem is as of yesterday (May 3 2022) I am now experiencing the issue again. Re-applying the registry tweaks does not solve the issue either unfortunately. More so, I am not able to un-register my domain through the wizard or change to a new one, I am seeing the same issue as this user on their fresh install: https://learn.microsoft.com/en-us/answers/questions/814489/cloud-services-integration-amp-anywhere-access-not.html?childToView=836816#answer-836816
Looking at my Dashboard.log in the ProgramData\Microsoft\Windows Server\Logs folder I see the below:
[5840] 220504.122339.7059: DomainConfigWizard: Next Page: progressPage
[6024] 220504.122340.0497: DomainManagerObjectModel: InvokeAsync: action resulted in exception: System.ServiceModel.FaultException1[Microsoft.WindowsServerSolutions.RemoteAccess.Domains.DomainManagerFault]: The creator of this fault did not specify a Reason. (Fault Detail is equal to DomainManagerFault:[Reason:CommunicationFailure, Message:CommitDomain failed, Detail:System.Web.Services.Protocols.SoapException: Live Dynamic DNS has encountered an internal error. This error has been logged. ---> Microsoft.Rest.Azure.CloudException: The access token is from the wrong issuer 'https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/'. It must match the tenant 'https://sts.windows.net/33e01921-4d64-4f8c-a055-5bdaffd5e33d/' associated with this subscription. Please use the authority (URL) 'https://login.windows.net/33e01921-4d64-4f8c-a055-5bdaffd5e33d' to get the token. Note, if the subscription is transferred to another tenant there is no impact to the services, but information about new tenant could take time to propagate (up to an hour). If you just transferred your subscription and see this error message, please try back later. at Microsoft.WindowsServerSolutions.DDNS.AzureRmDnsServer.GetARecords(String domainName) in E:\WSE-ServicesAndTools\src\ServicesAndTools\DDNS\DDNS\AzureR...). [6024] 220504.122340.0497: DomainManagerObjectModel: InvokeAsync: handling exception by transferring to eventArgs [5840] 220504.122340.0653: DomainConfigWizard: Error occurred in Domain Manager Object Model operations: System.ServiceModel.FaultException1[Microsoft.WindowsServerSolutions.RemoteAccess.Domains.DomainManagerFault]: The creator of this fault did not specify a Reason. (Fault Detail is equal to DomainManagerFault:[Reason:CommunicationFailure, Message:CommitDomain failed, Detail:System.Web.Services.Protocols.SoapException: Live Dynamic DNS has encountered an internal error. This error has been logged. ---> Microsoft.Rest.Azure.CloudException: The access token is from the wrong issuer 'https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/'. It must match the tenant 'https://sts.windows.net/33e01921-4d64-4f8c-a055-5bdaffd5e33d/' associated with this subscription. Please use the authority (URL) 'https://login.windows.net/33e01921-4d64-4f8c-a055-5bdaffd5e33d' to get the token. Note, if the subscription is transferred to another tenant there is no impact to the services, but information about new tenant could take time to propagate (up to an hour). If you just transferred your subscription and see this error message, please try back later.
at Microsoft.WindowsServerSolutions.DDNS.AzureRmDnsServer.GetARecords(String domainName) in E:\WSE-ServicesAndTools\src\ServicesAndTools\DDNS\DDNS\AzureR...).
[5840] 220504.122340.0653: DomainConfigWizard: FailReason from Domain Manager Object Model operations: CommunicationFailure
This gives some insight to the root cause but I am not sure how to go from here to fix this.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 83%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMW%3C/text%3E%3C/svg%3E)
Hello Chris,
I have the same problems since Monday.
The logs show the same errors.
The Server think I have the same IP- Address since Monday, what is not true.
I hope that this will be fixed by Microsoft soon.
I am seeing the same issue after a router reboot changed the external IP address. I am not seeing the same error in my Dashboard.log but I am seeing something odd, the old external IP address is shown
[7788] 220505.095922.2483: ConnectivityCenter: DomainNameProviderCredentials.CredentialsStatus: True
[3512] 220505.095922.2483: ConnectivityCenter: Job finish. Result: Success
[10524] 220505.095922.2483: ConnectivityCenter: Job DomainNameProviderCredentialsDiagnosticsJob complete, 64% done.
[6420] 220505.095922.4824: ConnectivityCenter: DomainServiceReachableInfo.ReachableStatus: True
[11200] 220505.095922.4824: ConnectivityCenter: Job finish. Result: Success
[10524] 220505.095922.4824: ConnectivityCenter: Job DomainServiceReachableDiagnosticsJob complete, 71% done.
[4720] 220505.095922.4980: ConnectivityCenter: DomainNameResolveableInfo.ExternalIP: 86.170.204.53
[9816] 220505.095922.4980: ConnectivityCenter: Job finish. Result: Success
[10524] 220505.095922.4980: ConnectivityCenter: Job DomainNameResolveableDiagnosticsJob complete, 78% done.
[10260] 220505.095922.4980: ConnectivityCenter: DDNSUpdateAttemptionInfo.DDNSUpdateStatus: False
[7456] 220505.095922.4980: ConnectivityCenter: Job finish. Result: Success
[10524] 220505.095922.4980: ConnectivityCenter: Job DDNSUpdateDiagnosticsJob complete, 85% done.
[10016] 220505.095922.4980: ConnectivityCenter: Global event triggered for port: 80.
[8224] 220505.095922.6543: ConnectivityCenter: Service Call Finished on Port: 443
[8224] 220505.095922.6543: ConnectivityCenter: Global event triggered for port: 443.
[10016] 220505.095922.6543: ConnectivityCenter: ConnectivityInfo.HttpsInbound: True
[10016] 220505.095922.6543: ConnectivityCenter: ConnectivityInfo.Inbound: True
[216] 220505.095922.6543: ConnectivityCenter: Job finish. Result: Success
[10524] 220505.095922.6543: ConnectivityCenter: Job InboundConnectivityDiagnosticsJob complete, 92% done.
[7052] 220505.095928.8261: DomainManagerObjectModel: Calling KeepAlive for instanceID=2
[7052] 220505.095928.8261: DomainManagerObjectModel: KeepAlive succeeded for instanceID=2
[7280] 220505.095938.1855: ConnectivityCenter: NdfDiagnoseIncident returns 0x0,
[7280] 220505.095938.1855: ConnectivityCenter: 0 root causes identfied
[7280] 220505.095938.1855: ConnectivityCenter: DoubleNatInfo.DoubleNat: False
[4540] 220505.095938.1855: ConnectivityCenter: Job finish. Result: Success
[10524] 220505.095938.1855: ConnectivityCenter: Job DoubleNatDiagnosticsJob complete, 100% done.
[6164] 220505.095938.2168: ConnectivityCenter: Microsoft.WindowsServerSolutions.Connectivity.Analyzers.FirewallConfigurationAnalyzer analyze completed. 0 suggestions found.
[6164] 220505.095938.2168: ConnectivityCenter: Microsoft.WindowsServerSolutions.Connectivity.Analyzers.InboundConnectivityAnalyzer analyze completed. 0 suggestions found.
[6164] 220505.095938.2168: ConnectivityCenter: Microsoft.WindowsServerSolutions.Connectivity.Analyzers.DoubleNatConfigurationAnalyzer analyze completed. 0 suggestions found.
[6164] 220505.095938.2168: ConnectivityCenter: RemoteAccessAnalyzer: VPN server deployment result: InstallationSucceeded
[6164] 220505.095938.2168: ConnectivityCenter: Microsoft.WindowsServerSolutions.Connectivity.Analyzers.RemoteAccessAnalyzer analyze completed. 0 suggestions found.
[6164] 220505.095938.2168: ConnectivityCenter: Microsoft.WindowsServerSolutions.Connectivity.Analyzers.DomainNameConfigAnalyzer analyze completed. 0 suggestions found.
[6164] 220505.095938.2168: ConnectivityCenter: Microsoft.WindowsServerSolutions.Connectivity.Analyzers.DomainNameExpireAnalyzer analyze completed. 0 suggestions found.
[6164] 220505.095938.2168: ConnectivityCenter: Microsoft.WindowsServerSolutions.Connectivity.Analyzers.DomainNameNearlyExpireAnalyzer analyze completed. 0 suggestions found.
[6164] 220505.095938.2168: ConnectivityCenter: Microsoft.WindowsServerSolutions.Connectivity.Analyzers.DomainNameProviderCredentialsAnalyzer analyze completed. 0 suggestions found.
[6164] 220505.095938.2324: ConnectivityCenter: Microsoft.WindowsServerSolutions.Connectivity.Analyzers.DomainNameResolveableAnalyzer analyze completed. 0 suggestions found.
[6164] 220505.095938.2324: ConnectivityCenter: Microsoft.WindowsServerSolutions.Connectivity.Analyzers.DomainServiceReachableAnalyzer analyze completed. 0 suggestions found.
[6164] 220505.095938.2793: ConnectivityCenter: DDNSUpdateAnalyzer: DDNS update failed, should be manual fixed
[6164] 220505.095938.2793: ConnectivityCenter: Microsoft.WindowsServerSolutions.Connectivity.Analyzers.DDNSUpdateAnalyzer analyze completed. 1 suggestions found.
[6164] 220505.095938.2793: ConnectivityCenter: Microsoft.WindowsServerSolutions.Connectivity.Analyzers.CertificateAnalyzer analyze completed. 0 suggestions found.
[6164] 220505.095938.2793: ConnectivityCenter: Microsoft.WindowsServerSolutions.Connectivity.Analyzers.IisConfigurationAnalyzer analyze completed. 0 suggestions found.
[6164] 220505.095938.2793: ConnectivityCenter: Microsoft.WindowsServerSolutions.Connectivity.Analyzers.TsGatewayConfigurationAnalyzer analyze completed. 0 suggestions found.
[6164] 220505.095938.2793: ConnectivityCenter: Current SQM Data is 2064383.
[10524] 220505.095938.2793: ConnectivityCenter: Diagnositcs completed. Status: Success
[10524] 220505.095938.2949: ConnectivityCenter: Suggestion: An error occurred while updating the dynamic DNS information for your server with the information that you gave your domain name service provider. Please try again later. If this problem continues, contact your domain name service provider for support.
[10524] 220505.095938.2949: ConnectivityCenter: Overall status: Error
[10524] 220505.095938.2949: ConnectivityCenter: Properties updated.
I have updated .Net to 4.8 just in case there is something odd there but I can't test that until I restart the server which will be later this evening
The dashboard log might only happen if you try to repair or alter the anywhere access domain name through the wizard.
Where did you find the other log? I'll check mine.
I looked for any updates that could have caused this but didn't see any yet this week happening before the change. Mine too stopped working Monday at like 3am EST.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 39%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDA%3C/text%3E%3C/svg%3E)
Rebooting the server doesn't fix it.
I have 2 sites with this problem.
I did a fresh install of Server 2016 in a VM to test and even an out of the box non-updated version has the same issue so I don't think this has to do with a recent update, it seems some endpoint the feature depends on has changed.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 63%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETA%3C/text%3E%3C/svg%3E)
Same here in Germany. But 2 servers are ok (2012R2 Essentials) and another has the problems described. All Updates installed on all servers
Perhaps you can nudge this guy to come up with a new fix like they did last year haha
https://sbsland.me/category/computers-and-internet/troubleshooting/
i sent him a massage.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 54%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJK%3C/text%3E%3C/svg%3E)
Same issue here. Service when down after a router reboot and public IP address change.
If I ping my old domain (domain).remotewebaccess.com it returns the OLD public address I had before.
Very strange.
So the .Net update didn't have any effect, I suspected it wouldn't but it was worth a shot.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 55.00000000000001%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKB%3C/text%3E%3C/svg%3E)
same here in Bermuda, started this morning when one of my isp's went down. I have tried everything
Any update on this? I cant repair or release the domain. This is going to be a nightmare for me.
what i did: I switch to dyndns and a free certifcate. This helps for a moment.
Isn't it great when you spend lots of money on an enterprise level product to provision for a customer buying in that the product will at least function until the end of life date only for the company to leave you hanging in the wind half way though it's total shelf life?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 18%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Same here. The kicker is I'm a military member and it's going to be at least 6 weeks before I can physically get in front of the machine.
Hope nothing requires attention between now and then....
This is what I ended up doing as well. Hopefully it can be fixed, and I can switch back.
This changes the domain name url correct?
Yes it will
Like Thomas said, Yes. I would have replied earlier, but the reply button was not available on my phone.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 12%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGS%3C/text%3E%3C/svg%3E)
Same here in Budapest, Hungary. The regedit workaround did not help, still old IP is shown.
I added the dinamic IP to the host file of the endpoint client and that helped but this is not a solution, as every time IP changes, I need to edit host file on the endpoints.
Let me know if there is a solution.
Blog post about the issue
https://www.mcbsys.com/blog/2022/05/debugging-remotewebaccess-com/
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 43%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHJ%3C/text%3E%3C/svg%3E)
some on my side :-(
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 97%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESC%3C/text%3E%3C/svg%3E)
Hi
We have made some changes and changes and expect the issue to go away.
Can you please verify at your end/setups ?
Hi
We have made some changes and changes and expect the issue to go away.
Can you please verify at your end/setups ?
Still seeing the same issue. Made sure all updates were applies and rebooted. I attached my dashboard.log with the sensitive data covered in x's. I had to convert it to a pdf as the forum wasn't allowing me to upload it as a .log or .txt file. The server is still trying to update remotewebaccess using my old ip address not my current public ip.201203-dashboard.pdf
We were able to get things working on our local test setups.
Can you please verify your setups and see if the issue went away for you.
Thanks and Regards
Samriddhi
We were able to get things working on our local test setups.
Can you please verify your setups and see if the issue went away for you.
Thanks and Regards
Samriddhi
We were able to get things working on our local test setups.
Can you please verify your setups and see if the issue went away for you.
Thanks and Regards
Samriddhi
We were able to get things working on our local test setups.
Can you please verify your setups and see if the issue went away for you.
Thanks and Regards
Samriddhi
We were able to get things working on our local test setups.
Can you please verify your setups and see if the issue went away for you.
Thanks and Regards
Samriddhi
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(99.2, 12%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDH%3C/text%3E%3C/svg%3E)
Hooray, working again here! Thank you so much, greatly appreciated. Windows Server 2012 R2 Standard with Essentials Role. :)
Mine just came back online on its own. Thank you for taking care of this!!!
@Samriddhi Chaturvedi I want to ask though. How likely is this issue to return? Will we be good until the 2027 EOL date?
It seems to be resolved for our domain as well
We were able to get things working on our local test setups.
Can you please verify your setups and see if the issue went away for you.
Thanks and Regards
Samriddhi
No issue is not likely to come back !
Regards
Samriddhi
Thank you @Samriddhi Chaturvedi for your hard work on this. I wish I had your ear several years ago when I reported that the mac client connector was (and still is) broken due to a dependency on Objective-C Garbage collection that Sierra+ doesn't allow but at this point I doubt that will ever be fixed.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(86.4, 26%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJF%3C/text%3E%3C/svg%3E)
Hi everyone.
Looks like the free Microsoft dynamic dns service in Essentials 2012 and 2016 has stopped working after recent windows update KB5020690 and KB5020023.
Any fixes?
Kind regards
I did a fresh install of Server 2016 E and still see the same so it's not just those updates. I made a new thread here:
Seeing related issues again now :( . Made a new thread
Every Windows Server 2012 R2 and 2016 Essentials I get health reports on, are all reporting "The dynamic DNS information cannot be updated" both yesterday 11/13 and today 11/14. All are fully patched and up to date from 11/08, doubtful patch Tuesday updates are the cause as they updated fine from 11/9-12.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 89%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENB%3C/text%3E%3C/svg%3E)
Same here. One 2012 essentials. Wrong ip address after company move. Cannot remove domain, cannot repair.
Just been reading about TLS 1.2 issue. Could this be related?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(156.8, 59%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDA%3C/text%3E%3C/svg%3E)
I have the TLS 1.2 fix applied on my machine, but it's still broken for me.
Looks like the information on the previous post about https://dyndns.domains.live.com/service/livedyndns.asmx being down is the cause this time.
I wonder what the number of affected people is? Or the actual cost, both to business and I.T support? Happened too many times, always been slow to respond. Took a private guy and a reg hack last time. Actually shameful MS.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 63%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESB%3C/text%3E%3C/svg%3E)
October 17, 2022—KB5020435 (OS Builds 19042.2132, 19043.2132, and 19044.2132) Out-of-band - Microsoft Support
Install that and see if it fixes the issue?
October 17, 2022—KB5020435 (OS Builds 19042.2132, 19043.2132, and 19044.2132) Out-of-band - support.microsoft.com
Windows 10, version 20H2 and Windows Server, version 20H2 update history; October 28, 2022—KB5020953 (OS Builds 19042.2194, 19043.2194, and 19044.2194) Out-of-band
support.microsoft.com
If this fixes it, that was slid into the PREVIEW update of 9/20
New! Turns off Transport Layer Security (TLS) 1.0 and 1.1 by default in Microsoft browsers and applications. For more information, see KB5017811.
So the side effect for the October security update was really a kinda security feature that was slid into the preview release
September 20, 2022—KB5017380 (OS Builds 19042.2075, 19043.2075, and 19044.2075) Preview - Microsoft Support
September 20, 2022—KB5017380 (OS Builds 19042.2075, 19043.2075, and 19044.2075) Preview - Microsoft Support - support.microsoft.com
Windows 10, version 1909 and Windows Server, version 1909 update history; End of service statement; May 10, 2022—KB5013945 (OS Build 18363.2274)
support.microsoft.com
Can you guys see if that helps?
That's a Windows 10 update.
This issue is specific to Windows Server Essentials 2012 and 2016.
Try it on the workstations accessing it if they don't have the October updates installed?
No. This is a server-side issue, not a client or workstation issue.
Try the links to the server patches - they are the server versions of the TLS fixes.
KB5020439 came inside the KB5017396 SSU.
Yes, it's already installed on my machine.
No, it did not help.
That wouldn't be inside the SSU, it would be included in the October security update if you've installed that already.
https://support.microsoft.com/en-us/topic/october-18-2022-kb5020439-os-build-14393-5429-out-of-band-f9840376-4f36-45c3-8dd8-f366c4b884dd
Actually it would be in the November updates. It's not included in the October security updates. It's a specific out of band update that isn't in KB5017396 SSU
And I'm not certain for sure it works, but just saying it may be related as it does fix TLS issues and has impacted other legacy products.
According to the description, "It addresses an issue that might affect some types of Secure Sockets Layer (SSL) and Transport Layer Security (TLS) connections. These connections might have handshake failures. For developers, the affected connections are likely to receive one or more records followed by a partial record with a size of less than 5 bytes within a single input buffer. If the connection fails, your app will receive the error, “SEC_E_ILLEGAL_MESSAGE”."
So even without the patch, I would think curl https://dyndns.domains.live.com/service/livedyndns.asmx would receive something, no? It's just timing out.
Also keep in mind that from the reports I've seen, this broke for everyone on the same day, 11/11 or thereabouts, which would not seem to correspond to a patch release.
Seems to be down again
https://downforeveryoneorjustme.com/remotewebaccess.com
Typically it may take some time for someone at MS to resolve this. I would honestly move away from this as a solution for remote access if this is what your firm relies on.
I'm pretty sure that the downforeveryoenorjustme site is trying to resolve the "root" domain [www.]remotewebaccess.com, which should not necessarily resolve.
I have customername.remotewebaccess.com resolving fine at three sites.
Can you please provide the error logs from the repro setups ?
When do you get this error ?
Can you please provide the error logs from the repro setups ?
When do you get this error ?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(32, 33%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
We have the same error on two Server 2016 Essentials after installing the September updates.
@Samriddhi Chaturvedi Glancing through my blog post on this issue, I commented on 11/14/2022 that there was an issue with https://dyndns.domains.live.com/service/livedyndns.asmx. When I visit that domain today, it shows that its certificate expired 9/16/2023. I suspect that is related, perhaps the cause.
I tested 4 Server 2016 Essentials I have running this morning, all resolve fine currently. But all 4 have been displaying "The dynamic DNS information cannot be updated" error in their daily reports since Saturday. (the domain name provider cannot be contacted). If you have a dynamic IP address I'd refrain from rebooting your modem or in some cases router unless absolutely necessary. It will break your xxx.remotewebaccess.com getting its updated IP address info if your ISP changes your IP address until this issue is fixed. With Comcast for example, you may or may not get a new IP address. I have CenturyLink fiber and I get a new IP address every single time my router is rebooted.
As mcbsys mentioned, I believe this is the culprit with an expired cert.. https://dyndns.domains.live.com/service/livedyndns.asmx
We re actively looking into this.
Thanks a lot for the pointers. We are actively looking into this issue.
Can anyone confirm if this is broken once again?
On a brand new/clean Windows Server 2016 Essentials install (with the "SystemDefaultTlsVersions" and "SchUseStrongCrypto" .NET Framework registry settings set to 1) I'm consistently getting an unknown timeout error when attempting to configure a Microsoft personalized domain name within Anywhere Access.
These are the events that are logged in the server's Dashboard.log file:
[4316] 240225.082530.7179: DomainManagerObjectModel: InvokeAsync: action resulted in exception: System.ServiceModel.FaultException`1[Microsoft.WindowsServerSolutions.RemoteAccess.Domains.DomainManagerFault]: The creator of this fault did not specify a Reason. (Fault Detail is equal to DomainManagerFault:[Reason:CommunicationFailure, Message:SubmitCertificateRequest failed, Detail:The request channel timed out while waiting for a reply after 00:01:00. Increase the timeout value passed to the call to Request or increase the SendTimeout value on the Binding. The time allotted to this operation may have been a portion of a longer timeout. ]).
[4316] 240225.082530.7179: DomainManagerObjectModel: InvokeAsync: handling exception by transferring to eventArgs
[4192] 240225.082530.7179: DomainConfigWizard: Error occurred in Domain Manager Object Model operations: System.ServiceModel.FaultException`1[Microsoft.WindowsServerSolutions.RemoteAccess.Domains.DomainManagerFault]: The creator of this fault did not specify a Reason. (Fault Detail is equal to DomainManagerFault:[Reason:CommunicationFailure, Message:SubmitCertificateRequest failed, Detail:The request channel timed out while waiting for a reply after 00:01:00. Increase the timeout value passed to the call to Request or increase the SendTimeout value on the Binding. The time allotted to this operation may have been a portion of a longer timeout. ]).
[4192] 240225.082530.7179: DomainConfigWizard: FailReason from Domain Manager Object Model operations: CommunicationFailure
It appears that the Anywhere Access config wizard is able to successfully sign in to the Microsoft Live account, but then times out with a "CommunicationFailure" error when calling the "SubmitCertificateRequest" method. Looks to me like it's an issue occurring over on Microsoft's backend.
I haven't tried to set up a new WSE 16 box but my existing remotewebaccess domains still seem to be working, though I also pay for no-ip to have a backup dynamic dns.
I have this note I made to myself from Sept of 2022 (the last time I installed WSE16) to add these values via PowerShell but not sure if that would fix it for you.
# PowerShell
New-ItemProperty -Path "HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727" -Name "SystemDefaultTlsVersions" -Value 1 -PropertyType DWORD -Force
New-ItemProperty -Path "HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727" -Name "SchUseStrongCrypto" -Value 1 -PropertyType DWORD -Force
New-ItemProperty -Path "HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319" -Name "SystemDefaultTlsVersions" -Value 1 -PropertyType DWORD -Force
New-ItemProperty -Path "HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319" -Name "SchUseStrongCrypto" -Value 1 -PropertyType DWORD -Force
New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NETFramework\v2.0.50727" -Name "SystemDefaultTlsVersions" -Value 1 -PropertyType DWORD -Force
New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NETFramework\v2.0.50727" -Name "SchUseStrongCrypto" -Value 1 -PropertyType DWORD -Force
New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" -Name "SystemDefaultTlsVersions" -Value 1 -PropertyType DWORD -Force
New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" -Name "SchUseStrongCrypto" -Value 1 -PropertyType DWORD -Force
Also found this post of mine where it looks like I reported a similar inability to register in Nov '22 and Samriddhi Chaturvedi from Microsoft responded resolving it internally:
@ChrisWY27 Thank you for your responses.
Yes, I've already added all of the required .NET Framework registry keys that you've mentioned (and restarted the server), but that makes no difference here. The registry keys do allow the Microsoft (Live) Account to be successfully signed into, but they do not prevent the timeout error from occurring when the domain name setup wizard attempts to communicate with the Microsoft personalized domain name provider service.
For me, the timeout issue appears any time I try to either set up a remotewebaccess.com domain name for the very first time (on a newly setup 2016 Essentials server), or whenever I attempt to change an existing remotewebaccess.com domain name when one has already been set up previously on the Essentials server (i.e. open Settings, go to the Anywhere Access tab, click the Set up button under the domain name section, in the domain name set up wizard that appears click Next -> choose “Use another domain name or domain name service provider” (do not choose the release option or you may loose your existing domain prefix) -> choose “I want to set up a new domain name” -> click Next -> Next -> sign in to your Live account -> choose “Choose a registered name” and select your existing domain prefix from the drop-down list -> click Next -> timeout error happens every time after about 30 seconds or so).
Thus, it definitely appears to be an issue taking place over on Microsoft's (back)end to me. I'm just wondering if others are able to reproduce the issue. I have lots of customers running Windows Server 2016 Essentials that are reporting the issue to me, but I'm not seeing anyone else reporting it over here on these Microsoft forums (which seems a bit odd). Thanks again for your input.
My best guess is either not many are changing domains, or there are few users like us freshly installing WSE '16. Perhaps I can spin up a VM later and try to verify the same is happening on my end, though if multiple customers are reporting it to you it's most likely an issue on the Microsoft end. Perhaps @Samriddhi Chaturvedi can chime in if they still work there.
@The Office Maven I found a VM with WSE already installed and attempted to set up a domain name unfortunately also seeing the following:
The error in the Dashboard.log was "The request channel timed out while waiting for a reply".
@ChrisWY27 Yes, that's the (generic timeout) error I'm seeing as well... So it's definitely reproducible by others. Hopefully someone from Microsoft sees this thread and can get the issue resolved for everyone. Thanks again.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 46%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EOB%3C/text%3E%3C/svg%3E)
Hello Yes, Essentials also stopped working on my Server 2016Essentials since April 4th, 2024. All Netframework registry settings are present
With (Get-ItemProperty "HKLM:SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full").Version the currently installed version is displayed from .net version 4 onwards. With (Get-ItemProperty "HKLM:SOFTWARE\Microsoft\NET Framework Setup\NDP\v3.5").Version the currently installed version is displayed from .net version 3.5 onwards. # PowerShell New-ItemProperty -Path "HKLM:\SOFTWARE\WOW6432Node\Microsoft.NETFramework\v2.0.50727" -Name "SystemDefaultTlsVersions" -Value 1 -PropertyType DWORD -Force New-ItemProperty -Path "HKLM:\SOFTWARE\WOW6432Node\Microsoft.NETFramework\v2.0.50727" -Name "SchUseStrongCrypto" -Value 1 -PropertyType DWORD -Force New-ItemProperty -Path "HKLM:\SOFTWARE\WOW6432Node\Microsoft.NETFramework\v4.0.30319" -Name "SystemDefaultTlsVersions" -Value 1 -PropertyType DWORD -Force New-ItemProperty -Path "HKLM:\SOFTWARE\WOW6432Node\Microsoft.NETFramework\v4.0.30319" -Name "SchUseStrongCrypto" -Value 1 -PropertyType DWORD -Force New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft.NETFramework\v2.0.50727" -Name "SystemDefaultTlsVersions" -Value 1 -PropertyType DWORD -Force New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft.NETFramework\v2.0.50727" -Name "SchUseStrongCrypto" -Value 1 -PropertyType DWORD -Force New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft.NETFramework\v4.0.30319" -Name "SystemDefaultTlsVersions" -Value 1 -PropertyType DWORD -Force New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft.NETFramework\v4.0.30319" -Name "SchUseStrongCrypto" -Value 1 -PropertyType DWORD -Force v4.5.23026 v4.5.1 -------------------------------------------------- -------------------------------------------------- -------------------------------------------------- ------------ New-ItemProperty -Path "HKLM:\SOFTWARE\WOW6432Node\Microsoft.NETFramework\v4.5.1" -Name "SystemDefaultTlsVersions" -Value 1 -PropertyType DWORD -Force New-ItemProperty -Path "HKLM:\SOFTWARE\WOW6432Node\Microsoft.NETFramework\v4.5.1" -Name "SchUseStrongCrypto" -Value 1 -PropertyType DWORD -Force New-ItemProperty -Path "HKLM:\SOFTWARE\WOW6432Node\Microsoft.NETFramework\v4.5.23026" -Name "SystemDefaultTlsVersions" -Value 1 -PropertyType DWORD -Force New-ItemProperty -Path "HKLM:\SOFTWARE\WOW6432Node\Microsoft.NETFramework\v4.5.23026" -Name "SchUseStrongCrypto" -Value 1 -PropertyType DWORD -Force
TLS 1.0., 1.1, 1.2 on
The DNS information for the server cannot be updated because it cannot connect to the domain name provider. Contact the domain name provider
Domain Name Provider pleas help Thanks
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(9.6, 50%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EG%3C/text%3E%3C/svg%3E)
Still not working its desolating , what a service microsoft gives , shame on microsoft
Samriddhi will look after us.
We are still actively investigating this. Thanks for your patience.
@Samriddhi Chaturvedi apparently the ability to set up a remotewebaccess.com Microsoft personalized domain name is once again broken in the Anywhere Access feature of Windows Server 2016 Essentials. I'm absolutely flabbergasted that you guys cannot keep this feature working. It gets broken (by Microsoft) every few months, and then it takes multiple months to get you guys to become aware of the issue and then finally resolve it again. I've never seen anything like it in all my years of computer programming. It really is quite maddening. I realize that it's not your fault, but you do have to admit that it's more than a bit ridiculous.
Anyway... Attempting to set up a remotewebaccess.com domain name in Essentials is once again producing the generic "unknown error occurred" error message. Looking in the server's Dashboard.log file shows the following error getting logged:
[10188] 241016.081932.7557: DomainManagerObjectModel: InvokeAsync: action resulted in exception: System.ServiceModel.FaultException`1[Microsoft.WindowsServerSolutions.RemoteAccess.Domains.DomainManagerFault]: The creator of this fault did not specify a Reason. (Fault Detail is equal to DomainManagerFault:[Reason:CommunicationFailure, Message:SubmitCertificateRequest failed, Detail:System.Web.Services.Protocols.SoapException: Live Dynamic DNS has encountered an internal error. This error has been logged. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
I assume that this has something to do with the fact that Microsoft has now disabled the use of basic authentication in their Live accounts as is mentioned here (although I cannot be sure):
My understanding is that Windows Server 2016 Essentials is supported until January 12, 2027 and so it would be really nice if this issue could be resolved (again).
Thank you!
Susan,
For the LiveID, isn't there is a modern auth popup when in the wizard?
"Could not establish trust relationship for the SSL/TLS secure channel" sounds to me like an expired certificate or possibly the old TLS version issue. Does the https address appear in the dashboard log? You could also check
C:\ProgramData\Microsoft\Windows Server\Logs\NetworkHealthPlugin-DomainManagementFeature.log
I even resorted to Wireshark at one time to try to get the failing URL. If you can get the URL, then you could try it in a browser or with curl to get more details on the failure.
None of which is your job! One does wonder why Microsoft can't keep this working as promised.
Hi Mark. Hi Susan. Are you still having issue? I haven't checked my servers yet. There is a good MS tech in this thread that has helped us multiple times in the past. Shall I bring him in?
Hi @Jesse Flintoff and @mcbsys ...
I'm not sure where Susan fits into all of this, but if you guys are referring to me (The Office Maven) then my name is actually Mike. ;-)
Anyway... Yes, it is indeed still broken (and probably will be over and over and over again). I've tried to bring @Samriddhi Chaturvedi in on this thread (again), but if you happen to know of a different MS tech that may be able to help folks out then by all means please do bring them in.
@mcbsys I didn't mean to infer that the disabling of basic authentication was the direct cause for the issue, but rather that it is awful coincidental that the remotewebaccess.com Microsoft personalized domain name configuration process broke in Anywhere Access at nearly the same time as when Microsoft switched off basic auth on their Live accounts (i.e. right around September 16th, 2024 or so) and so it may have something to do with that was all (as it has certainly caused other issues to pop up in Essentials such as the breaking of the emailing of health reports, etc.). Additionally, I do not see the https address listed within any of the Essentials log files. I suppose that I could go interrogate the source code in order to find the address, but I'm not sure that doing so is a good use of my time seeing as even if I do find it there's probably nothing that I can do with it anyway seeing as it would most definitely be something that needs to be corrected over on Microsoft's backend server and not within Essentials itself. I do appreciate your response though.
Lastly, I'll just mention that with the frequency that Microsoft keep busting the remotewebaccess.com Microsoft personalized domain name feature in Essentials, folks should avoid using them like the plague now and just switch over to using their very own custom/vanity domain name instead. I have a step-by-step writeup on how to do just that in Windows Server Essentials (using either a user-purchased SSL certificate or a free Let's Encrypt SSL certificate) posted on my website over here:
How To Manually Set Up A Custom / Vanity Domain Name In Windows Server Essentials
When you manually set up your own domain in Anywhere Access, you are in full control of it, and so you no longer need to worry about things going down over on Microsoft's backend (as you do when relying on a remotewebaccess.com Microsoft personalized domain name). ;-)
Mike, thanks for the follow-up and I apologize for the name mixup. Susan Bradley posted a link to your 10/17 post here and I mistakenly assumed she was the one who had made the post. But she's The Patch Lady and you're The Office Maven. I knew that, honest!
I agree that it's not worth wasting much time on Essentials 2016 features. Fortunately established dynamic DNS still seems to be working. I haven't tried to set it up again. I still have one customer on that, but I'm planning to replace the server as soon as Essentials 2025 is released in the next month or two. Router-based Wireguard for VPN (remote files and RDP), Synology for backup, manual DC configuration... no longer all in one dashboard but hopefully more robust.
Lol sorry Mike.
I get emails but i dont see the latest comments here.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(6.4, 82%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESE%3C/text%3E%3C/svg%3E)
It's like the threads from OfficeMaven have been moved.
You have to sort by newest and not by helpful and then it shows up. OfficeMaven said:
@Samriddhi Chaturvedi apparently the ability to set up a remotewebaccess.com Microsoft personalized domain name is once again broken in the Anywhere Access feature of Windows Server 2016 Essentials. I'm absolutely flabbergasted that you guys cannot keep this feature working. It gets broken (by Microsoft) every few months, and then it takes multiple months to get you guys to become aware of the issue and then finally resolve it again. I've never seen anything like it in all my years of computer programming. It really is quite maddening. I realize that it's not your fault, but you do have to admit that it's more than a bit ridiculous.
Anyway... Attempting to set up a remotewebaccess.com domain name in Essentials is once again producing the generic "unknown error occurred" error message. Looking in the server's Dashboard.log file shows the following error getting logged:
YAMLCopy
[10188]
I assume that this has something to do with the fact that Microsoft has now disabled the use of basic authentication in their Live accounts as is mentioned here (although I cannot be sure):
My understanding is that Windows Server 2016 Essentials is supported until January 12, 2027 and so it would be really nice if this issue could be resolved (again).
Thank you!
@mcbsys We are investigating. I totally understand the customer's concern, but we do have lots of internal changes going on and anything which is not security complaint is getting impacted. Server Essentials and Remote Web Access workflows are one of them due to the legacy nature.
Also, we have a contract with GoDaddy to host the remotewebaccess domain and anything going off on that side also impacts us.
That being said, this is being investigated and I very sorry for the bad experience.
But it definitely is good idea for costumers to start exploring other alternatives for the RemoteWebAccess as its super legacy, almost in the end-of-life state with just some minimal extended support.
@mcbsys @Jesse Flintoff : Hi again.
I am very sorry for the poor customer experience. I understand the pain and we are looking into this on priority.
There are lots of moving parts around this workflow and anything going wrong anywhere causes the issues we encounter. We have internal security compliances and if they don't get met, the service gets impacted. We have dependency on external parties like GoDaddy and anything going wrong with that flow could cause an issue.
That being said, WSE and RWA are legacy components and under limited extended end-of-life state with minimal maintenance support. So, it would really be a good idea for customers to start moving to newer and more secured and robust alternatives that Microsoft offers.
Thank you Samriddhi. Very grateful.
Kindest regards
@Samriddhi Chaturvedi Thank you for stepping in here once again. I do want to clarify your advice, though. My understanding is that the only thing that keeps breaking is the remotewebaccess.com process. Sometimes obtaining a certificate fails; sometimes dynamic DNS forwarding fails. The simple solution for that is to buy and install a custom certificate and set up third-party DDNS.
However your comments seem to imply that Remote Web Access itself is unstable? Are we at risk of losing the ability to use the RWA web site for file access? What about the RDS Gateway?
Thank you for your input.
Hi @mcbsys
Sorry if my previous message implied that entire Remote Web Access is unstable.
You are right.
The only problematic workflows are around remotewebaccess.com.
As I mentioned before, there are few parts around this workflow and we do have external dependencies too which we are trying to fix.
But even with that, the WSE product itself is under limited support so moving to alternatives is a wise choice.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 63%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAR%3C/text%3E%3C/svg%3E)
Hello @Samriddhi Chaturvedi, unfortunately it seems to be down again.Windows Server 2016. Our Dashboard.log reports:
[9096] 241129.122823.6490: DomainConfigWizard: Next Page: progressPage [5676] 241129.122827.3279: DomainManagerObjectModel: InvokeAsync: action resulted in exception: System.ServiceModel.FaultException
1[Microsoft.WindowsServerSolutions.RemoteAccess.Domains.DomainManagerFault]: Il creatore dell'errore non ha specificato Reason. (Dettaglio errore è uguale a DomainManagerFault:[Reason:CommunicationFailure, Message:SubmitCertificateRequest failed, Detail:System.Web.Services.Protocols.SoapException: Live Dynamic DNS has encountered an internal error. This error has been logged. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure. at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception) at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.Check...). [5676] 241129.122827.3279: DomainManagerObjectModel: InvokeAsync: handling exception by transferring to eventArgs [9096] 241129.122827.3299: DomainConfigWizard: Error occurred in Domain Manager Object Model operations: System.ServiceModel.FaultException1[Microsoft.WindowsServerSolutions.RemoteAccess.Domains.DomainManagerFault]: Il creatore dell'errore non ha specificato Reason. (Dettaglio errore è uguale a DomainManagerFault:[Reason:CommunicationFailure, Message:SubmitCertificateRequest failed, Detail:System.Web.Services.Protocols.SoapException: Live Dynamic DNS has encountered an internal error. This error has been logged. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure. at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception) at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.Check...). [9096] 241129.122827.3299: DomainConfigWizard: FailReason from Domain Manager Object Model operations: CommunicationFailure
Could you help us to solve this issue?
Thank you so much
Same for me
The DynDNS service seems to be borked.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(182.40000000000003, 13%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAS%3C/text%3E%3C/svg%3E)
It is December 20th, and I'm having the same problem.
Client's SSL certificate apparently expired, which broke adding a machine to the domain and broke remote access. I've been trying for days to get the remote access working. I have a client's certificate expiring in 17 days and another in 42 days.
I am able to register a domain and release a domain (although it throws an error)
What is happening now is that anywhere access quits working after the SSL certificate dies.
I tried a repair and got this:
RetrievedWholeOfferingList:True
[15112] 241220.180941.4855: DomainConfigWizard: Next Page: progressPage
[15112] 241220.180941.4978: DomainConfigWizard: GetAvailableDomainRootsCompleted, Result:remotewebaccess.com
[15112] 241220.180941.4978: DomainConfigWizard: GotoNextPage: from Live_SelectLiveDomainPage to Live_TypeDomainNamePage
[15112] 241220.180948.5958: DomainConfigWizard: CheckDomainAvailabilityCompleted, Result:True
[15112] 241220.180950.9037: DomainConfigWizard: Leaving Page: Live_TypeDomainNamePage
[15112] 241220.180950.9047: DomainConfigWizard: Wizard Model Value: Wizard Model dictionary[CertNotRequired]:False
Wizard Model dictionary[DomainConfigured]:True
Wizard Model dictionary[ConnectedToInternet]:True
Wizard Model dictionary[CertToExpire]:False
Wizard Model dictionary[ReleaseDomain]:False
Wizard Model dictionary[ReconfigWarning]:False
Wizard Model dictionary[OnTransferWarning]:False
Wizard Model dictionary[LiveFlowSignInCancelled]:False
Wizard Model dictionary[DomainNotSupported]:False
Wizard Model dictionary[GitMeFlow]:False
Wizard Model dictionary[LiveFlow]:True
Wizard Model dictionary[OemFlow]:False
Wizard Model dictionary[CreateANewDomain]:True
Wizard Model dictionary[CreateANewDomainForO365]:False
Wizard Model dictionary[ManualConfig]:False
Wizard Model dictionary[OemFlowWithOneProvider]:False
Wizard Model dictionary[IsValidLiveCredential]:True
Wizard Model dictionary[UseExistingButNoDomainRegistered]:False
Wizard Model dictionary[UserOwnsLiveDomains]:True
Wizard Model dictionary[PrivacyAgreed]:True
Wizard Model dictionary[ReachQuota]:False
CurrentOffering:Offering: [Name:Microsoft personalized domain name,Provider:15f4c1c4-44c9-4218-822f-6fe3ca60a262]
DomainRoots:
remotewebaccess.com
DomainNameSuggestions:
UserLiveDomainNames:
********.remotewebaccess.com
****.remotewebaccess.com
****t.remotewebaccess.com
***s.remotewebaccess.com
***i.remotewebaccess.com
***e.remotewebaccess.com
RetrievedWholeOfferingList:True
[15112] 241220.180950.9099: DomainConfigWizard: Next Page: progressPage
[9156] 241220.180954.7965: DomainManagerObjectModel: InvokeAsync: action resulted in exception: System.ServiceModel.FaultException`1[Microsoft.WindowsServerSolutions.RemoteAccess.Domains.DomainManagerFault]: The creator of this fault did not specify a Reason. (Fault Detail is equal to DomainManagerFault:[Reason:CommunicationFailure, Message:SubmitCertificateRequest failed, Detail:System.Web.Services.Protocols.SoapException: Live Dynamic DNS has encountered an internal error. This error has been logged. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.Check...).
[9156] 241220.180954.7965: DomainManagerObjectModel: InvokeAsync: handling exception by transferring to eventArgs
[15112] 241220.180954.8052: DomainConfigWizard: Error occurred in Domain Manager Object Model operations: System.ServiceModel.FaultException`1[Microsoft.WindowsServerSolutions.RemoteAccess.Domains.DomainManagerFault]: The creator of this fault did not specify a Reason. (Fault Detail is equal to DomainManagerFault:[Reason:CommunicationFailure, Message:SubmitCertificateRequest failed, Detail:System.Web.Services.Protocols.SoapException: Live Dynamic DNS has encountered an internal error. This error has been logged. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.Check...).
[15112] 241220.180954.8062: DomainConfigWizard: FailReason from Domain Manager Object Model operations: CommunicationFailure
[16240] 241220.181025.1090: DomainManagerObjectModel: Calling KeepAlive for instanceID=1
[16240] 241220.181025.1090: DomainManagerObjectModel: KeepAlive succeeded for instanceID=1
[11304] 241220.181125.1094: DomainManagerObjectModel: Calling KeepAlive for instanceID=1
[11304] 241220.181125.1094: DomainManagerObjectModel: KeepAlive succeeded for instanceID=1
Has been failing since August 2024. Can we somehow escalate this?
We have deployed some changes and see positive results in our test setups. Please give a try and see if RWA looks better on your setups.
We have deployed some changes and see positive results in our test setups. Please give a try and see if RWA looks better on your setups.
We were able to get things working on our local test setups.
Can you please verify your setups and see if the issue went away for you.
Thanks and Regards
Samriddhi
@Samriddhi Chaturvedi , this is happening again. Are you still able to assist?
Good morning @Samriddhi Chaturvedi .I hope you're well. This seems to be down again. Can you work your magic please? Kindest regards.
We are working actively on this issue and will keep you all posted.
Thanks a lot for your patience!
Thanks, and Regards
Samriddhi
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 33%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFD%3C/text%3E%3C/svg%3E)
Thank you for trying to find a solution as soon as possible because I personally take care of 27 server 2012 or 2016.
That will give me a big headache if their external IP change all at once.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 61%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
Hi Samriddhi, I just tested it on one of my clients, it's working again, thank you very much.
Greetings from Northern Germany
Michel Mohr
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 47%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAJ%3C/text%3E%3C/svg%3E)
I can confirm a Windows Server Essentials 2012R2 VM was able to update DNS tonight with a new dynamic IP.
Thank you it's working for me as well.
It is working again for me too. Thank you.
Any idea what caused the problem, and if its going to require another fix a year from now?
Server 2016 w/ Essentials Role
Thank you @Samriddhi Chaturvedi for working the problem and @Richard Hay for looping in the right people.
I'm also very concerned to understand whether Microsoft is committed to supporting the Essentials features through the EOL date of January 2027. What happened this time, why do things keep breaking, why is it always a surprise to Microsoft, and why do we need to rely on the kindness of @Susan Bradley to rattle enough cages to wake Microsoft up to the problem? Many of us have built a business around the Microsoft platform and its supposed commitment to a product lifecycle, only to feel like Essentials has been forgotten and abandoned.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(38.4, 6%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
The problem went away on my server yesterday without me doing anything. See this thread: https://learn.microsoft.com/en-us/answers/questions/814489/cloud-services-integration-amp-anywhere-access-not.html?childToView=841438#answer-841438
The tenant id had changed due to some internal changes.
We fixed those.
We do not expect to see the issue come back again.
Thanks a lot for your patience.
Regards
Samriddhi
Thank you for fixing the problem.
During the downtime I got scared, it wouldn’t be fixed so I started to do my research for a free way to solve the problem and found out it was quite easy. I lost too much time on this so for you not to lose your's, here is the simplest way I found to replace or at least have a backup next time remotwebaccess.com goes down.
1 Because most of my customers don't have static IP (the IP the internet provider gives out) I created a DNS Hostname on dyndns.org that updates the hostname to point to the current WAN IP when it changes. (noip.com is also easy to use.) By doing that I get an exemple.dydns.org hostname always pointing to the right WAN IP. To update that IP I used the dynamic DNS update service in the router, there is also a software called Dyn updater available on dyndns.org to install as a program on the server if the router is not accessible.
2 I installed the Windows ACME Simple (WACS) on the Windows essential server to get a free SSL certificate from let's encrypt linked to that exemple.dyndns.org hostname. https://miketabor.com/how-to-install-a-lets-encrypt-ssl-cert-on-microsoft-iis/
3 Now I simply have to replace the exemple.remotewebaccess.com by exemple.dyndns.org as RD Gateway server in the RDP setting on the client’s computer. (Right click, modify, advanced tab, in the server name field.)
That's it!
And now as a bonus since I've realized how much work / trouble I would have to go through to get my customer up and running again for the 27 different Windows servers I care for if let's say Microsoft decided it wouldn’t repair the remowebaccess.com functionality or took a long time to fix it. I created a cname on my domain name pointing to the exemple.dyndns.org for now but I could change it to point to something else in a matter of seconds if the service goes down. So now when I create the RDP link my customer use to connect to their own computers through the RD Gateway server I use the cname instead of the exemple.remotewebaccess.com or the exemple.dyndns.org.
For example, I could buy the domain name "mydomain.com", in the DNS of that domain (in the hosting server settings, cpanel or directadmin or other) I could do a cname "server1" pointing to exemple.dyndns.org. So as RD gateway server name in the RDP file I would put server1.mydomain.com. In case of another problem, I wouldn’t have to change anything in the 500+++ RDP file settings, phone, iPad... I would simply take 2 minutes to login in the hosting server control panel and change the cname from pointing to exemple.dyndns.org to something else. I can even delete the cname create an A record pointing directly to the current WAN IP where the server is located.
FOR MICROSOFT, if your small business customer means anything to you, please bring back the essentials features in server essential 2019, 2022 and the next. Seriously, the dashboard with anywareaccess, the remotewebaccess.com with free GoDaddy ssl certificate, the daily email with the server status and all the computers connected with the connector state (hard drive full, updates status, computer to server backup) and most of all the simplicity of it all. It took 2 hours to build and prepare a server 2012, 2012 R2 or 2016 to go install at a customer's place and maybe 15 minutes by computer once there to connect them to it. Super super easy ! So easy that a lot of my customers were able to add users, change permission, add and remove a user's remote access rights by themselves without even having to call me. Now, everything is still feasible but oooooooo my god why complicate things so much. Removing the remote desktop gateway from Windows server essentials 2019, 2022 ???? Really... Why ???? Now I have to create VPN connection in the Ubiquiti gear for every user in every company then install that connection on their laptop, phone, iPad. And finally create the RDP connection straight to their computer. Imagine having a 70-year-old boss of a small company asking you to guide him through the configuration of a VPN and the download and installation of RD Client on his new iPhone he had to buy during his vacation. The cloud, the cloud, I know, Windows Server on Azure, I know, I know. The simplicity and to be frank the cost of the server essential 2012 and 2016 really miss me. It was easy to convince a small company hosting their files on dropbox to get a small server with Windows server essential because it was cheap fast and all included. Now with server essential 2019 or 2022 the simple "Will I be able to connect to my work computer from home ?" question brings more questions, do you want to pay for a vpn router or monthly for a remote access software (team viewer ?, Google Chrome Remote Desktop?) It's getting hard to sell your products when you remove so much features from it that a simple NAS + VPN router can replace it... Sorry I had to rant, it disappointed me so much when I saw what was done to the 2019 and 2022 version of essential, it's like buying a brand new 2022 car but realizing that now it doesn’t have cruise control, electric windows, sunroof, radio, high beams, power steering, sun visors,... it's still a car but I think I'd much rather stick with my 2016.
Thanks for passing on this information! I used to have a certificate for my domain and a static IP but then I switched to Bell Canada's gigabit Ethernet and they don't support static IPs. Windows Server 2016 Essentials was a great solution. I wasn't sure if free certificates would work with a DDNS and then I found the TLS 1.2 patches so didn't pursue it farther. Now you have proven it can be done so thank you.
Your comments about the crippling of a great product that small businesses or even home users love is right on!!! Most of my customers need a server to support popular accounting packages like SAP Business One, Sage 300 ERP and Sage BusinessVision and none of these work in the cloud. Therefore in the past I have used SBS 2000, SBS 2003, SBS 2007, SBS 2011 and finally Windows Server 2016 (full version) with the Essentials role turned on. I also used MS SQL Server and Pervasive SQL Server depending on the accounting system. The last install I did before retiring was SAP Business One on Windows Server 2019 and what a disaster it was. After setting up VPN and RDP Gateway, SAP wouldn't work. It seems that DirectAccess came along for the ride and used ports 6000-47000 which conflicted with SAP. Because I had never run into problems with any of the previous operating systems and SAP were on a new version I called on SAP support to resolve the problem. Two and a half months later when the problem had not been solved I took drastic measures to find the root of the problem. Between my time and SAP about 90 hours were wasted!
To Microsoft...
Like others have said, I too have no idea what I, family, or clients will move to in 2027 when Server 2016 sunsets. The Client backup feature has been instrumental in protecting the 100s of computers I help out with at various sites. You sold me on this back in 2009 with the introduction of WHS and when WHS11 was retired I bought Server 16 E licenses because this feature was so important to me. If the essentials role really is gone after 2027 I'll probably be forced into some sort of Linux solution to provide this functionality.
I understand your feeling about the 90 hours wasted more than you can imagine. Each time there's a new version I always have to force myself into using it. I'm used to the bugs in the old versions since I passed so much of my time figuring it out.
Frankly, what my customer wants/need is already in the 2012 version of Windows server. If they could pay to get more support years for their old products, they would instead of updating.
For 99% of my small business customer what there looking for in a server is :
That's about it... They’re not looking for a nice shiny Ferrari they want a good old unstoppable tractor.
OK there I am ranting again but the same goes for the computers they work on. When they had to switch from Windows 7 to 10, they were not happy about it for a simple reason, their computer is a tool. They use it to work and got used to where things are located. If they spend 10 years finding the start button on the bottom left and one day it's replaced by a bunch of tiles like Windows 8 they don’t say hooray what a useful and necessary change, they tell me to bring it back. I'm currently preparing them for the forced change in 2027 when they will have to drop the Windows 10 they now work with without any issues and relearn to use another product Windows 11. Because you know that now that the start button will be in the center life will become so much better.
I understand that some people like changes and are able to pick it up fast but, for God’s sake, make a theme or something to make it look and feel like before. That way the people that prefer to go fishing, hunting, skydiving, spending time with their grand kids during their weekend instead of playing with their computers won't be pissed at me when coming back to work. :D hahaha
We got a hold of the issue and we should be able to correct it in a day.
Since we have some 3rd party godaddy certs in play, it will take a day to get things back in shape.
Working now thank you Samriddhi. Very grateful.
Are you still facing issues or is it resolved on your setups ?
Resolved thank you Samriddhi. Very grateful for your help. Kindest regards
We have stabilized the Issue and the new SSL certs for the RWA/anywhere access should be working fine. There might still be some scenarios where we may see failures saying "CertificateNotTrusted". This in most cases is due to delay in CA being able to verify the newly issued certificate. We have released a hotfix for this problem, and it is a client-side fix and would be available in the 3B i.e March Windows Update for Server 2016/1607 platforms. Please make sure to take the next Windows Update so that the client-side fix for this problem is available.
Disregard please.
I got an email but now I do not see a comment @The Office Maven
Hi @Samriddhi Chaturvedi I'm seeing issues with the Microsoft personalized domain names now (both with the March Windows Updates installed, and without). I'm able to configure Anywhere Access with a remotewebaccess.com Microsoft personalized domain name just fine. However, the next time I reboot the server, or restart the server Dashboard, and the health evaluations are run, it appears that whatever the process that's taking place for checking the health of the Anywhere Access SSL cert is causing the bindings for the "Default Web Site" to be removed in IIS (and it's also getting unbound from the RD gateway as well on every reboot of the server).
It looks like the bindings are removed as part of the standard health check process, and then a failure happens when they are being added back again (which results in the bindings being missing in IIS). I've spent some time tracking this down (many days actually), and as best as I can tell, the backend service that issues the Go Daddy based remotewebaccess.com SSL cert used to install the cert into the "Personal" certificate store with an exportable private key attached. It appears that whatever changes you guys made to the backend, are now causing the cert to be installed into the "Personal" certificate store without an exportable private key, and this in turn is causing the IIS binding checks that Essentials is using to fail, and the SSL cert not able to be bound to - or becoming unbound from on reboot - the RD gateway because of permission issues (I verified this using the Remote Desktop Gateway Manager UI).
It's interesting in that if the Go Daddy SSL cert for the personalized domain name was previously issued, and hasn't expired yet, then it is simply reissued (even to a completely different/new server), and reused. And sometimes the previously issued SSL cert (that's being reissued) still has an "older" type of SSL cert that still has an exportable private key attached, and then Anywhere Access / Remote Web Access works just great. However, picking a brand new personalized domain name (or choosing one that hasn't been used in more than a year and doesn't have a valid pre-existing SSL cert) when setting up the domain name in Anywhere Access always causes the binding problem seeing as its private key isn't exportable and so it has insufficient permissions to be bound to the the "Default Web Site" in IIS and/or to the RD Gateway (and any manual attempts to bind the cert to the "Default Web Site" in IIS and/or to the RD Gateway just fails with various missing private key and/or permission errors).
So... It appears that whatever changes were made that causes the Go Daddy issued SSL cert to be imported into the "Personal" cert store with a non exportable (i.e., locked down) private key is what's causing all of the problems that I'm seeing (and I expect others are as well). Also, since I'm seeing the issue happen with or without the March updates installed, it appears that the problem is in the backend service and not with the changes that have been made for the "client-side fix" in the 3B Windows Updates.
I hope what I've said makes sense, and thanks for all of your (and the team's) hard work on this one.
@Samriddhi Chaturvedi just checking in to make sure that you saw my April 1st comment on this (above). Thanks again!
Hi @The Office Maven . Yes I did see your comment. Sorry I missed to respond to it.
Even though we have not touched anything around how the private keys are stored and just followed the older ways, assuming it might work, but I see your concern and I am looking into it.
Thanks Again!
@Samriddhi Chaturvedi that's interesting. Thank you for letting me know. I'm definitely seeing some different (odd) behavior going on with the SSL certs that didn't happen before, and so I appreciate you looking into it for everyone. BTW, one thing I noticed that's different is that the "new" SSL certs are brought into the "Certificates Enrollment Requests" cert store (with an exportable private key, but without a valid certification path because there is no CA Root certificate on the certs in there) before they are placed in the "Personal" cert store. This didn't appear to happen with the "old" certs (or maybe it did and they were just deleted from that store before and now they aren't). Anyway... Thanks again and I hope that you discover the problem.