WHS-2011 clients offline, certificate issue, how to fix

Question

WHS-2011 clients offline, certificate issue, how to fix

Phil 1

Hi

Have been running WHS-2011 since 2011 and after recent windows updates, all 5 of our home computers show up as offline and we can't access any backups.
No new computers show up either.
I have uninstalled the connectors and removed the machines from dashboard and when I went to install the connector there was trust issues, which I overcame by importing a certificate from the server. That got the connector installed but no connections.

On the server, in a log file named SharedServiceHost-AlertServiceConfig.2.log I see many entries with:

ProviderFramework: Information: [0] : PfErrorHandler: IGNORING WCF internal exception: (SecurityNegotiationException) The remote certificate is invalid according to the validation procedure. ==> (AuthenticationException) The remote certificate is invalid according to the validation procedure.
ChainTrustCertValidator: Certificate is not supported (not rooted from service's root cert). Expected root ca thumb=[8A5ACC7CDA0305C6D6FF7E562648990D1B396DA8], Actual = [4AE72E0721BD0831DA2D96BB7ADC03FD8E75B673]

Looking on the server at \Console Root\Certificates (Local Computer)\Personal Certificates I see 2x certificates with the server name followed by -CA

Issued to WHS-CA, Issued by WHS-CA, Expiration date 7/03/2052
Issued to WHS-CA, Issued by WHS-CA, Expiration date 25/05/2060

Details for the one with Expiration date 7/03/2052 has thumbrint of ‎8a 5a cc 7c da 03 05 c6 d6 ff 7e 56 26 48 99 0d 1b 39 6d a8
Details for the one with Expiration date 25/05/2060 has thumbrint of ‎‎4a e7 2e 07 21 bd 08 31 da 2d 96 bb 7a dc 03 fd 8e 75 b6 73

The 2 also appear in \Console Root\Certificates (Local Computer)\Trusted Root Certification Authorities\Certificates

In Certificate Authority, a right click on WHS-CA and looking at the properties, under General, shows 2x CA certificates:

Certificate #0 with validity from 15/03/2012 to 7/03/2052 and thumbprint ‎8a 5a cc 7c da 03 05 c6 d6 ff 7e 56 26 48 99 0d 1b 39 6d a8
Certificate #1 with validity from 2/06/2020 to 25/05/2060 and thumbprint ‎ 4a e7 2e 07 21 bd 08 31 da 2d 96 bb 7a dc 03 fd 8e 75 b6 73

These are the 2 mentioned in the log file.

When I couldn’t get the connector installed on the client PC, I exported Certificate #1 to a file and then imported into the client. The connector install on the client was then successful.

Looking on the client (WIN10 Pro) at \Console Root\Certificates (Local Computer)\Personal Certificates I see a certificate with the name of the client PC

Issued to DELL, Issued by WHS-CA, Expiration date 18/08/2050
It has a thumbprint of 49a921b7c43e63e78479bf1745aacd4d8e9496a7

Looking on the client at \Console Root\Certificates (Local Computer)\Personal Certificates I see 2x certificates with the server name followed by -CA

Issued to WHS-CA, Issued by WHS-CA, Expiration date 7/03/2052
Issued to WHS-CA, Issued by WHS-CA, Expiration date 25/05/2060

Details for the one with Expiration date 7/03/2052 has thumbrint of ‎8a 5a cc 7c da 03 05 c6 d6 ff 7e 56 26 48 99 0d 1b 39 6d a8
Details for the one with Expiration date 25/05/2060 has thumbrint of ‎‎4a e7 2e 07 21 bd 08 31 da 2d 96 bb 7a dc 03 fd 8e 75 b6 73

That's where I am stuck.

It seems to be a certificate issue but I have no idea on how to remedy it so looking for assistance here.

Thanks, Phil

2 answers

Your answer

Answer 1

Jenny Yan-MSFT 9,356

Hi,
After you exported the certificate and reinstalled the connector, what was the exact error message or behavior when you said no connections?

For problems of connecting computer to server, kindly check if the suggestions listed below could be helpful.
Troubleshoot connecting computer to the server
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-home-server/ff402458(v=ws.11)

Looking forward to your update and please help to accept as Answer if the response is helpful.

Thanks,
Jenny

Phil 1 Reputation point

2020-09-10T20:34:11.653+00:00

Hi Jenny

Currently, after certificate export and connector reinstallation, all computers show up in the dashboard as being offline. Clicking on view the computer properties for one of the computers shows "cannot determine the operating system information" and "cannot determine the system type information". Backups cannot be configured.

I can log into the dashboard from the computers.

On the computers, the launchpad application has a popup "the server is offline, You are not signed in".

Clicking backup on the launchpad, shows the backup properties popup with "backup was unsuccessful". View details shows "the server cannot authenticate the computer"

to be continued

Answer 2

continuation...

Back in time when the issues 1st occured, I can't really remember how the issue presented itself, I think it was computers showing offline after a windows build update.
I then uninstalled the connector, rebooted and reinstalled. The connector could not be installed but I can't remember the exact error message.
It turned out to be the server had been renamed by an application that was installed a few months before, so I changed the serve name back by editing a registry item.

The connector then failed installation due to a trust issue.
I then exported and imported the certificate and then installed the connector successfully.

I have run Robert Pearman's EssentialsTester.ps1 script on both client and server. Results are too big to post here. I have 2 posts at the bottom of https://windowsserveressentials.com/2014/02/14/windows-server-essentialsconfiguration-troubleshooter/#comment-126686

Your link results in a 404. I followed similar links.

Regards, Phil

Jenny Yan-MSFT 9,356 Reputation points

2020-09-11T07:52:46.407+00:00

Hi,
Thanks for the link and update. Please allow me to check the details you shared and search further.

If there is any findings, will keep you posted.

Thanks for your patience.

Best Regards,
Jenny

Share via

WHS-2011 clients offline, certificate issue, how to fix

2 answers

Your answer