WHS-2011 clients offline, certificate issue, how to fix

Phil 1 Reputation point
2020-09-10T04:21:12.267+00:00

Hi

Have been running WHS-2011 since 2011 and after recent windows updates, all 5 of our home computers show up as offline and we can't access any backups.
No new computers show up either.
I have uninstalled the connectors and removed the machines from dashboard and when I went to install the connector there was trust issues, which I overcame by importing a certificate from the server. That got the connector installed but no connections.

On the server, in a log file named SharedServiceHost-AlertServiceConfig.2.log I see many entries with:

ProviderFramework: Information: [0] : PfErrorHandler: IGNORING WCF internal exception: (SecurityNegotiationException) The remote certificate is invalid according to the validation procedure. ==> (AuthenticationException) The remote certificate is invalid according to the validation procedure.
ChainTrustCertValidator: Certificate is not supported (not rooted from service's root cert). Expected root ca thumb=[8A5ACC7CDA0305C6D6FF7E562648990D1B396DA8], Actual = [4AE72E0721BD0831DA2D96BB7ADC03FD8E75B673]

Looking on the server at \Console Root\Certificates (Local Computer)\Personal Certificates I see 2x certificates with the server name followed by -CA

Issued to WHS-CA, Issued by WHS-CA, Expiration date 7/03/2052
Issued to WHS-CA, Issued by WHS-CA, Expiration date 25/05/2060

Details for the one with Expiration date 7/03/2052 has thumbrint of ‎8a 5a cc 7c da 03 05 c6 d6 ff 7e 56 26 48 99 0d 1b 39 6d a8
Details for the one with Expiration date 25/05/2060 has thumbrint of ‎‎4a e7 2e 07 21 bd 08 31 da 2d 96 bb 7a dc 03 fd 8e 75 b6 73

The 2 also appear in \Console Root\Certificates (Local Computer)\Trusted Root Certification Authorities\Certificates

In Certificate Authority, a right click on WHS-CA and looking at the properties, under General, shows 2x CA certificates:

Certificate #0 with validity from 15/03/2012 to 7/03/2052 and thumbprint ‎8a 5a cc 7c da 03 05 c6 d6 ff 7e 56 26 48 99 0d 1b 39 6d a8
Certificate #1 with validity from 2/06/2020 to 25/05/2060 and thumbprint ‎ 4a e7 2e 07 21 bd 08 31 da 2d 96 bb 7a dc 03 fd 8e 75 b6 73

These are the 2 mentioned in the log file.

When I couldn’t get the connector installed on the client PC, I exported Certificate #1 to a file and then imported into the client. The connector install on the client was then successful.

Looking on the client (WIN10 Pro) at \Console Root\Certificates (Local Computer)\Personal Certificates I see a certificate with the name of the client PC

Issued to DELL, Issued by WHS-CA, Expiration date 18/08/2050
It has a thumbprint of 49a921b7c43e63e78479bf1745aacd4d8e9496a7

Looking on the client at \Console Root\Certificates (Local Computer)\Personal Certificates I see 2x certificates with the server name followed by -CA

Issued to WHS-CA, Issued by WHS-CA, Expiration date 7/03/2052
Issued to WHS-CA, Issued by WHS-CA, Expiration date 25/05/2060

Details for the one with Expiration date 7/03/2052 has thumbrint of ‎8a 5a cc 7c da 03 05 c6 d6 ff 7e 56 26 48 99 0d 1b 39 6d a8
Details for the one with Expiration date 25/05/2060 has thumbrint of ‎‎4a e7 2e 07 21 bd 08 31 da 2d 96 bb 7a dc 03 fd 8e 75 b6 73

That's where I am stuck.

It seems to be a certificate issue but I have no idea on how to remedy it so looking for assistance here.

Thanks, Phil

Windows for business | Windows Server | User experience | Other
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Jenny Yan-MSFT 9,356 Reputation points
    2020-09-10T08:50:41.137+00:00

    Hi,
    After you exported the certificate and reinstalled the connector, what was the exact error message or behavior when you said no connections?

    For problems of connecting computer to server, kindly check if the suggestions listed below could be helpful.
    Troubleshoot connecting computer to the server
    https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-home-server/ff402458(v=ws.11)

    Looking forward to your update and please help to accept as Answer if the response is helpful.

    Thanks,
    Jenny


  2. Phil 1 Reputation point
    2020-09-10T20:42:30.553+00:00

    continuation...

    Back in time when the issues 1st occured, I can't really remember how the issue presented itself, I think it was computers showing offline after a windows build update.
    I then uninstalled the connector, rebooted and reinstalled. The connector could not be installed but I can't remember the exact error message.
    It turned out to be the server had been renamed by an application that was installed a few months before, so I changed the serve name back by editing a registry item.

    The connector then failed installation due to a trust issue.
    I then exported and imported the certificate and then installed the connector successfully.

    I have run Robert Pearman's EssentialsTester.ps1 script on both client and server. Results are too big to post here. I have 2 posts at the bottom of https://windowsserveressentials.com/2014/02/14/windows-server-essentialsconfiguration-troubleshooter/#comment-126686

    Your link results in a 404. I followed similar links.

    Regards, Phil


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.