Score:0

Cannot Create a CSR for Windows 2016 Server with Windows Server Essentials Experience Installed

jp flag

I have a Windows 2016 server with the Windows Server Essentials Experience installed for Anywhere Access and everything was working fine until the SSL Cert expired and I needed to create a new CSR. All I get is “An error occurred while setting up your domain name” and that’s as far as I could get. I have uninstalled WSEE, rebooted and reinstalled with the same issue. I then setup a new VM for WSEE and I get is the issue below with the same error.

I open up Windows Server Essentials Dashboard

Select “Set up Anywhere Access”

Select “Click to configure Anywhere Access”

On the “Set up Anywhere Access” > Next

On the “Set Up Your Domain – Getting Started” > Next

On the “Set Up Your Domain – Do you own a domain name?” I select “I want to use a domain name I already own” and put in the domain name > Next

On the “Set Up Your Domain – Manually configure your domain name” I check the box “I have manually configured my domain name” > Next

On the “Set Up Your Domain – Set up a trusted SSL certificate” I specify the domain name prefix, select “I want to purchase a trusted SSL certificate for the domain name” then click on “Certificate request details” > Next

I get the following error: An Error Occurred While Setting Up Your Domain Name

In the Dashboard.log file I get this error: [6708] 220303.134745.3155: DomainManager:DefaultCertificateServiceProvider: CertManaged.GenerateCSR failed with error 0x80092023

Here is the full block of the error:

[6708] 220303.134745.0077: DomainConfigWizard: Next Page: Manual_GenerateCertRequestPage

[6708] 220303.134745.0183: DomainManager:DefaultCertificateServiceProvider: Try to generate CSR for distinguished name CN=remote.domain.com,O=Company, Inc.,OU=I.T.,L=City,ST=State,C=US

[8084] 220303.134745.0183: IDENTITY: GenerateCSR using the names: ComputerName ComputerName

[6708] 220303.134745.3155: DomainManager:DefaultCertificateServiceProvider: CertManaged.GenerateCSR failed with error 0x80092023

[6708] 220303.134745.3155: DomainConfigWizard: Error occurred in Domain Manager Object Model operations: Microsoft.WindowsServerSolutions.RemoteAccess.Domains.DomainException: DomainManagerFault:[Reason:LocalProviderFailure, Message:Failed to generate certificate request, Detail:GenerateCSR Exception ]

at Microsoft.WindowsServerSolutions.RemoteAccess.Domains.DefaultCertificateServiceProvider.GenerateCertificateRequestString(String distinguishedName)

at Microsoft.WindowsServerSolutions.RemoteAccess.Domains.DefaultCertificateServiceProvider.GenerateCertificateRequest(CertificateDistinguishedNameProperties dnProperties)

at Microsoft.WindowsServerSolutions.RemoteAccess.Domains.ManualPages.Manual_GenerateCertRequestPage.Manual_GenerateCertRequestPage_PageEnter(Object sender, EventArgs e)

[6708] 220303.134745.3155: DomainConfigWizard: FailReason from Domain Manager operations: LocalProviderFailure

Score:1
cn flag

The cert's subject line is malformed:

CN=remote.domain.com,O=Company, Inc.,OU=I.T.,L=City,ST=State,C=US

The comma after O=Company is illegal, because it is used as delimiter for RDNs, thus cannot be used inside the RDN value. Just remove that comma.

Richard H avatar
jp flag
Thank you, that definitely solved my problem. Removed the comma and the CSR was generated.
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.