Cannot Create a CSR for Windows 2016 Server with Windows Server Essentials Experience Installed

I have a Windows 2016 server with the Windows Server Essentials Experience installed for Anywhere Access and everything was working fine until the SSL Cert expired and I needed to create a new CSR. All I get is “An error occurred while setting up your domain name” and that’s as far as I could get. I have uninstalled WSEE, rebooted and reinstalled with the same issue. I then setup a new VM for WSEE and I get is the issue below with the same error.

I open up Windows Server Essentials Dashboard

Select “Set up Anywhere Access”

Select “Click to configure Anywhere Access”

On the “Set up Anywhere Access” > Next

On the “Set Up Your Domain – Getting Started” > Next

On the “Set Up Your Domain – Do you own a domain name?” I select “I want to use a domain name I already own” and put in the domain name > Next

On the “Set Up Your Domain – Manually configure your domain name” I check the box “I have manually configured my domain name” > Next

On the “Set Up Your Domain – Set up a trusted SSL certificate” I specify the domain name prefix, select “I want to purchase a trusted SSL certificate for the domain name” then click on “Certificate request details” > Next

I get the following error:

In the Dashboard.log file I get this error: [6708] 220303.134745.3155: DomainManager:DefaultCertificateServiceProvider: CertManaged.GenerateCSR failed with error 0x80092023

Here is the full block of the error:

[6708] 220303.134745.0077: DomainConfigWizard: Next Page: Manual_GenerateCertRequestPage

[6708] 220303.134745.0183: DomainManager:DefaultCertificateServiceProvider: Try to generate CSR for distinguished name CN=remote.domain.com,O=Company, Inc.,OU=I.T.,L=City,ST=State,C=US

[8084] 220303.134745.0183: IDENTITY: GenerateCSR using the names: ComputerName ComputerName

[6708] 220303.134745.3155: DomainManager:DefaultCertificateServiceProvider: CertManaged.GenerateCSR failed with error 0x80092023

[6708] 220303.134745.3155: DomainConfigWizard: Error occurred in Domain Manager Object Model operations: Microsoft.WindowsServerSolutions.RemoteAccess.Domains.DomainException: DomainManagerFault:[Reason:LocalProviderFailure, Message:Failed to generate certificate request, Detail:GenerateCSR Exception ]

at Microsoft.WindowsServerSolutions.RemoteAccess.Domains.DefaultCertificateServiceProvider.GenerateCertificateRequestString(String distinguishedName)

at Microsoft.WindowsServerSolutions.RemoteAccess.Domains.DefaultCertificateServiceProvider.GenerateCertificateRequest(CertificateDistinguishedNameProperties dnProperties)

at Microsoft.WindowsServerSolutions.RemoteAccess.Domains.ManualPages.Manual_GenerateCertRequestPage.Manual_GenerateCertRequestPage_PageEnter(Object sender, EventArgs e)

[6708] 220303.134745.3155: DomainConfigWizard: FailReason from Domain Manager operations: LocalProviderFailure

The cert's subject line is malformed:

CN=remote.domain.com,O=Company, Inc.,OU=I.T.,L=City,ST=State,C=US

The comma after O=Company is illegal, because it is used as delimiter for RDNs, thus cannot be used inside the RDN value. Just remove that comma.