remotewebaccess.com Anywhere access broken on Server 2016 Again?

Question

Last year a similar issue occurred and by manually applying the registry edits from these two threads most seemed to resolve their issues:

https://learn.microsoft.com/en-us/answers/questions/319165/remotewebaccesscom-down-again.html?childToView=836766#answer-836766

https://learn.microsoft.com/en-us/answers/questions/318584/are-the-problems-with-remotewebaccesscom-domain-an.html?page=2&pageSize=10&sort=oldest

The problem is as of yesterday (May 3 2022) I am now experiencing the issue again. Re-applying the registry tweaks does not solve the issue either unfortunately. More so, I am not able to un-register my domain through the wizard or change to a new one, I am seeing the same issue as this user on their fresh install: https://learn.microsoft.com/en-us/answers/questions/814489/cloud-services-integration-amp-anywhere-access-not.html?childToView=836816#answer-836816

Looking at my Dashboard.log in the ProgramData\Microsoft\Windows Server\Logs folder I see the below:

[5840] 220504.122339.7059: DomainConfigWizard: Next Page: progressPage
[6024] 220504.122340.0497: DomainManagerObjectModel: InvokeAsync: action resulted in exception: System.ServiceModel.FaultException1[Microsoft.WindowsServerSolutions.RemoteAccess.Domains.DomainManagerFault]: The creator of this fault did not specify a Reason. (Fault Detail is equal to DomainManagerFault:[Reason:CommunicationFailure, Message:CommitDomain failed, Detail:System.Web.Services.Protocols.SoapException: Live Dynamic DNS has encountered an internal error. This error has been logged. ---> Microsoft.Rest.Azure.CloudException: The access token is from the wrong issuer 'https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/'. It must match the tenant 'https://sts.windows.net/33e01921-4d64-4f8c-a055-5bdaffd5e33d/' associated with this subscription. Please use the authority (URL) 'https://login.windows.net/33e01921-4d64-4f8c-a055-5bdaffd5e33d' to get the token. Note, if the subscription is transferred to another tenant there is no impact to the services, but information about new tenant could take time to propagate (up to an hour). If you just transferred your subscription and see this error message, please try back later. at Microsoft.WindowsServerSolutions.DDNS.AzureRmDnsServer.GetARecords(String domainName) in E:\WSE-ServicesAndTools\src\ServicesAndTools\DDNS\DDNS\AzureR...). [6024] 220504.122340.0497: DomainManagerObjectModel: InvokeAsync: handling exception by transferring to eventArgs [5840] 220504.122340.0653: DomainConfigWizard: Error occurred in Domain Manager Object Model operations: System.ServiceModel.FaultException1[Microsoft.WindowsServerSolutions.RemoteAccess.Domains.DomainManagerFault]: The creator of this fault did not specify a Reason. (Fault Detail is equal to DomainManagerFault:[Reason:CommunicationFailure, Message:CommitDomain failed, Detail:System.Web.Services.Protocols.SoapException: Live Dynamic DNS has encountered an internal error. This error has been logged. ---> Microsoft.Rest.Azure.CloudException: The access token is from the wrong issuer 'https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/'. It must match the tenant 'https://sts.windows.net/33e01921-4d64-4f8c-a055-5bdaffd5e33d/' associated with this subscription. Please use the authority (URL) 'https://login.windows.net/33e01921-4d64-4f8c-a055-5bdaffd5e33d' to get the token. Note, if the subscription is transferred to another tenant there is no impact to the services, but information about new tenant could take time to propagate (up to an hour). If you just transferred your subscription and see this error message, please try back later.
at Microsoft.WindowsServerSolutions.DDNS.AzureRmDnsServer.GetARecords(String domainName) in E:\WSE-ServicesAndTools\src\ServicesAndTools\DDNS\DDNS\AzureR...).
[5840] 220504.122340.0653: DomainConfigWizard: FailReason from Domain Manager Object Model operations: CommunicationFailure

This gives some insight to the root cause but I am not sure how to go from here to fix this.

Answer 1

We were able to get things working on our local test setups.
Can you please verify your setups and see if the issue went away for you.

Thanks and Regards
Samriddhi

Answer 2

some on my side :-(

Answer 3

It is working again for me too. Thank you.
Any idea what caused the problem, and if its going to require another fix a year from now?

Server 2016 w/ Essentials Role

Answer 4

Thank you for fixing the problem.

During the downtime I got scared, it wouldn’t be fixed so I started to do my research for a free way to solve the problem and found out it was quite easy. I lost too much time on this so for you not to lose your's, here is the simplest way I found to replace or at least have a backup next time remotwebaccess.com goes down.

1 Because most of my customers don't have static IP (the IP the internet provider gives out) I created a DNS Hostname on dyndns.org that updates the hostname to point to the current WAN IP when it changes. (noip.com is also easy to use.) By doing that I get an exemple.dydns.org hostname always pointing to the right WAN IP. To update that IP I used the dynamic DNS update service in the router, there is also a software called Dyn updater available on dyndns.org to install as a program on the server if the router is not accessible.

2 I installed the Windows ACME Simple (WACS) on the Windows essential server to get a free SSL certificate from let's encrypt linked to that exemple.dyndns.org hostname. https://miketabor.com/how-to-install-a-lets-encrypt-ssl-cert-on-microsoft-iis/

3 Now I simply have to replace the exemple.remotewebaccess.com by exemple.dyndns.org as RD Gateway server in the RDP setting on the client’s computer. (Right click, modify, advanced tab, in the server name field.)

That's it!

And now as a bonus since I've realized how much work / trouble I would have to go through to get my customer up and running again for the 27 different Windows servers I care for if let's say Microsoft decided it wouldn’t repair the remowebaccess.com functionality or took a long time to fix it. I created a cname on my domain name pointing to the exemple.dyndns.org for now but I could change it to point to something else in a matter of seconds if the service goes down. So now when I create the RDP link my customer use to connect to their own computers through the RD Gateway server I use the cname instead of the exemple.remotewebaccess.com or the exemple.dyndns.org.

For example, I could buy the domain name "mydomain.com", in the DNS of that domain (in the hosting server settings, cpanel or directadmin or other) I could do a cname "server1" pointing to exemple.dyndns.org. So as RD gateway server name in the RDP file I would put server1.mydomain.com. In case of another problem, I wouldn’t have to change anything in the 500+++ RDP file settings, phone, iPad... I would simply take 2 minutes to login in the hosting server control panel and change the cname from pointing to exemple.dyndns.org to something else. I can even delete the cname create an A record pointing directly to the current WAN IP where the server is located.

FOR MICROSOFT, if your small business customer means anything to you, please bring back the essentials features in server essential 2019, 2022 and the next. Seriously, the dashboard with anywareaccess, the remotewebaccess.com with free GoDaddy ssl certificate, the daily email with the server status and all the computers connected with the connector state (hard drive full, updates status, computer to server backup) and most of all the simplicity of it all. It took 2 hours to build and prepare a server 2012, 2012 R2 or 2016 to go install at a customer's place and maybe 15 minutes by computer once there to connect them to it. Super super easy ! So easy that a lot of my customers were able to add users, change permission, add and remove a user's remote access rights by themselves without even having to call me. Now, everything is still feasible but oooooooo my god why complicate things so much. Removing the remote desktop gateway from Windows server essentials 2019, 2022 ???? Really... Why ???? Now I have to create VPN connection in the Ubiquiti gear for every user in every company then install that connection on their laptop, phone, iPad. And finally create the RDP connection straight to their computer. Imagine having a 70-year-old boss of a small company asking you to guide him through the configuration of a VPN and the download and installation of RD Client on his new iPhone he had to buy during his vacation. The cloud, the cloud, I know, Windows Server on Azure, I know, I know. The simplicity and to be frank the cost of the server essential 2012 and 2016 really miss me. It was easy to convince a small company hosting their files on dropbox to get a small server with Windows server essential because it was cheap fast and all included. Now with server essential 2019 or 2022 the simple "Will I be able to connect to my work computer from home ?" question brings more questions, do you want to pay for a vpn router or monthly for a remote access software (team viewer ?, Google Chrome Remote Desktop?) It's getting hard to sell your products when you remove so much features from it that a simple NAS + VPN router can replace it... Sorry I had to rant, it disappointed me so much when I saw what was done to the 2019 and 2022 version of essential, it's like buying a brand new 2022 car but realizing that now it doesn’t have cruise control, electric windows, sunroof, radio, high beams, power steering, sun visors,... it's still a car but I think I'd much rather stick with my 2016.

Answer 5

I wonder what the number of affected people is? Or the actual cost, both to business and I.T support? Happened too many times, always been slow to respond. Took a private guy and a reg hack last time. Actually shameful MS.