Windows Server Essentials - Access Anywhere: Client is offline in dashboard

Magladroth 1 Reputation point
2020-10-20T08:08:20.08+00:00

Greetings everyone,

I have a problem with anywhere access after migrating to Essentials 2016 from SBS 2011.

As the title says, after successfully configuring anywhere access on the server and deploying the connector software to the client, it still shows as offline in the dashboard and cant be accessed via the /remote website (computer is visible but greyed out).

The weird thing is that the WSE backup for the client works fine and the connector tray on the client is green and says its connected to the server.

Does anyone have an idea as to what might be the problem? I´ll include the logs below.

What I already tried:

  • Downloaded the newest version of the connector software and installed it on the client
  • Removed decommissioned CA mentions (initially installed during essentials installation) from AD https://mssec.wordpress.com/2013/03/19/manually-remove-old-ca-references-in-active-directory/
  • Changed registry key "HKLM\Software\Microsoft\Windows Server\IDENTITY": "CA-Name" from "domain-ESSENTIALS-NAME-CA" zu "domain-SBS-NAME-CA"
  • Made the essentials server the primary DC
  • Old CA certificate was not viable anymore, deployed new certificate with new private key
  • Deployed new certificate template (did not exist): Windows Server Solutions Computer Certificate Template -> add-wsslocalmachinecert
  • Edited CRL-Extensions using this how-to: https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/1903/WS1_Cross_Domain_KCD/GUID-AWT-UPDATECERT.html
    (May be part of my problem, I´m a noob when it comes to certificate stuff. The example used in the link does not reflect the environment where the problem occurs, I made it work in my lab environment though)
  • Deployed new certificate revocation list
  • Used Robert Pearmans essentials tester skript -> IIS: no errors
    -> CA Infrastructure:
    Testing CA Name..
    Certificate Authority Online : Error
    Certificate Authority Name : Name Error
    Certificate Authority Cert : Errors Detected - Local Machine Store

Testing /Connect Certificate Package..
Connect Computer Certificate : OK

Testing CRL Download..
CRL Location : http://essentialsserver/CertEnroll/domain-CA-Name
CRL Destination : c:\windows\temp\crl.crl
CRL Download : OK

Testing CRL Distribution Configuration..

It is normal to see some 'File Not Found' messages above when using this CmdLet (G

CRL Extension (CDP) : OK
CRL Extension (CRL) : OK

Testing Dashboard Certificate..
Current Dashboard Certificate :
Dashboard Certificate : Error : (redacted)
Dashboard Certificate : OK
Dashboard Certificate : Error : (redacted)

Note: The CA was migrated from the SBS to essentials server and has the name of the SBS, I guess thats where the authority name error originates. I will also remove the dashboard certificates that are throwing errors (had to renew the CA-certificate a few times) and remove the CA-certificate causing the "Certificate Authority Cert : Errors Detected - Local Machine Store"-error. If that fixes it, I will report back immediately.

-> Test Services:
3
Testing Services on: essentials-server

Active Directory Certificate Services : Running Auto
E-Mail-Dienst von WSS : Stopped Disabled
WSS-Benachrichtigungsdienst : Running Auto
WSS-Dienst für das Medienstreaming : Stopped Auto
WSS-Dienst für die Anbieterregistrierung : Running Auto
WSS-Dienst für die Computersicherung : Stopped Auto
WSS-Integritätsdienst : Running Auto
WSS-Speicherdienst : Running Auto
WSS-Verwaltungsdienst : Running Auto

I don´t want the essentials server to do client backups, so the service being disabled is fine I guess. I don´t know about the media streaming service and the email service though.

-> Test Service Ports:
Testing Service Ports on : essentials-server

TCP 80 (Used for Websites) : OK
TCP 443 (Used for Websites) : OK
TCP 6602 (Used for Status) : OK
TCP 8912 (Used for Backups) : Error
TCP 65520 (Used for Mac Website) : OK
TCP 65500 (Used for CA Website) : OK

-> Role install: No errors

I know there are a lot of similar threads regarding this topic, but none of those did the trick for me. If anyone has an idea I would really appreciate it :)

Cheers,

Mats

Windows Small Business Server
Windows Small Business Server
A family of Microsoft server products with messaging and collaboration, security-enhanced internet access, protected data storage, reliable printing, faxing, and the ability to run line-of-business applications. Replaced by Windows Server Essentials.
40 questions
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,526 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Karlie Weng 16,076 Reputation points Microsoft Vendor
    2020-10-21T08:33:47.91+00:00

    Hello @ Magladroth

    When trying to connect with client computer, is there any error message?

    Have you try repair Anywhere Access?

    1. Log on to the server, and open the Dashboard.
    2. Click Settings, and then click the Anywhere Access tab.
    3. Click Repair. The Repair Anywhere Access wizard starts.
    4. Click Next. The wizard analyzes Anywhere Access, identifies the issue, and then attempts to repair the issue.
    5. If you receive an alert when the wizard finishes, you can click Retry to try to repair the issue again. If you continue to receive an alert, check the alert for additional information about the issue and troubleshooting steps.

    The domain name must match the Subject or Subject Alternative Name set on the certificate you want to use.

    ----------

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    Best Regards
    Karlie

    0 comments
  2. Magladroth 1 Reputation point
    2020-10-22T07:28:46.62+00:00

    Hello Karlie, thanks for your reply.

    Before I started to implement your suggestions, I checked the remote website again just to be sure and the client wasn´t greyed out anymore.

    Tested the connection from two different systems and it seems to work fine now.

    The client still shows up as offline in the dashboard, but that is not that much of a concern since we use other software to monitor the clients.

    Thank you for your help

    Regards,

    Mag