Windows Admin Center Can't Access .local Domain After .com Cert Install

Joe Hinkle 0 Reputation points
2025-11-04T18:08:47.92+00:00

This is a new install of Admin Center. I initially installed it using the self-signed cert and set up our new cluster. So I can see several servers and they are currently working as of this writing.

Our domain is .local. But I installed a wildcard *.domain.com cert onto the server and created an A record in a split-brain zone in AD. I loaded the cert in using the below commands and I can log in via the Web GUI using the new cert.

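```powershell
# Load the Windows Admin Center configuration module
Import-Module "$env:ProgramFiles\WindowsAdminCenter\PowerShellModules\Microsoft.WindowsAdminCenter.Configuration"
# Point Windows Admin Center at the new certificate by thumbprint
Set-WACCertificateSubjectName -Thumbprint "myThumprint"
# Set the ACL on the certificate with this subject name
Set-WACCertificateAcl -SubjectName "CN=myDomain.com"
# Restart the service so the change takes effect
Restart-Service -Name WindowsAdminCenter
```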

I have manually added the Network Service account to the cert's security in Cert Management. When I try to do anything with Active Directory in Admin Center I get the below message:


If I try to manually add a server I get this message:


I am thinking that the issue is now it's trying to look for my domain at .com. Even though we have our domain set up with an alias for m365, you can't use it to find servers and talk to AD. Has anyone done something similar where they use a .com cert on a .local domain?

I will continue troubleshooting but at this point I opened up perms on the new cert all the way so I don't believe it's a permission issue.


Any ideas on how to fix this? I may revert to self-signed to see if it works.

Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI)

1 answer

  1. Joe Hinkle 0 Reputation points
    2025-11-04T18:25:36.0866667+00:00

    I should have waited to post this as I've now found the answer. The issue appears to be an FQDN that needed to be updated.

    It appears that you can't change domain type, .local to .com, via CLI. You need to rerun the installer and use the custom install option. After you import the cert you will be prompted with an FQDN page. Make sure to change .local to .com on that page and when the server finishes setting up again it will work.

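The mismatch described in this thread (a `*.domain.com` certificate on a gateway whose FQDN was still `.local`) can be checked before rerunning the installer. The following is an added example, not part of the original post or of Windows Admin Center; the host names `wac.domain.local` and `wac.domain.com` and the thumbprint are constructed placeholders.

```powershell
# Added example, not from the original post. Names and thumbprint are placeholders.

function Test-NameMatchesPattern {
    # True when $Fqdn is covered by a certificate name such as *.domain.com.
    param([string]$Fqdn, [string]$Pattern)
    $f = $Fqdn.TrimEnd('.').ToLowerInvariant()
    $p = $Pattern.TrimEnd('.').ToLowerInvariant()
    if ($p.StartsWith('*.')) {
        # A wildcard stands for exactly one left-most label, so *.domain.com
        # covers wac.domain.com but not domain.com or a.b.domain.com.
        $suffix = $p.Substring(1)                      # ".domain.com"
        if (-not $f.EndsWith($suffix)) { return $false }
        $label = $f.Substring(0, $f.Length - $suffix.Length)
        return ($label.Length -gt 0 -and $label.IndexOf('.') -lt 0)
    }
    return ($f -eq $p)
}

function Test-CertificateCoversFqdn {
    # Reads the certificate from LocalMachine\My and reports whether it covers $Fqdn.
    param(
        [Parameter(Mandatory)][string]$Thumbprint,
        [Parameter(Mandatory)][string]$Fqdn
    )
    $cert  = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
    # DnsNameList carries the DNS names PowerShell extracts from the certificate.
    $names = @($cert.DnsNameList | ForEach-Object { $_.Unicode })
    $hits  = @($names | Where-Object { Test-NameMatchesPattern -Fqdn $Fqdn -Pattern $_ })
    [pscustomobject]@{
        Fqdn          = $Fqdn
        CertNames     = $names -join ', '
        Covered       = ($hits.Count -gt 0)
        HasPrivateKey = $cert.HasPrivateKey
        NotAfter      = $cert.NotAfter
    }
}

# Matching logic on constructed names; no certificate is needed for this part.
foreach ($name in 'wac.domain.local', 'wac.domain.com', 'domain.com') {
    '{0,-18} covered by *.domain.com: {1}' -f $name, (Test-NameMatchesPattern $name '*.domain.com')
}

# Against the real certificate (run elevated on the gateway; thumbprint is a placeholder):
# Test-CertificateCoversFqdn -Thumbprint '<thumbprint>' -Fqdn 'wac.domain.com'
```

Only the `.com` host name is reported as covered, which is the name that has to be entered on the installer's FQDN page for the certificate to validate.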
