Windows Admin Center | Microsoft Community Hub

Forum Widgets

Latest Discussions

Windows Admin Center v2.4 will not use SAN Cert
Hello, We've noticed an issue with the new Windows Admin Center Modernized Gateway (v2.4) and SAN certificates, at least in our environment. All of our servers get an autoenroll computer certificate (hostname.domainname.com) -- it only uses a common name, and has no subject alternative names. For webservers, we generate an additional certificate with subject alternative names, so that web browsers do not report an insecure https website. Windows Admin Center v2.4 does not seem to work with these certificates. When installing WAC and selecting the correct SAN certificate in the "Custom Setup" or even setting the certificate manually using Set-WACCertificateSubjectName -Thumbprint 'thumbprintofcert' the website will only use the autoenroll certificate. I deleted the autoenroll certificate from the machine, and tried setting the certificate to the SAN cert and the site will not even load. As soon as I forced a gpupdate /force to get a new autoenroll computer certificate and it will use that one, but never the SAN cert. Just in case it was the subject name of the cert, I generated a new SAN cert with a completely different name from the autoenroll cert: WAC.domainname.com instead of APP-WAC01.domain.com. I then used the Set-WACCertificateSubjectName -Thumbprint and verified that it was using the new SAN cert by running Get-WACCertificateSubjectName and it showed that it was using the WAC.domainname.com certificate. Website would not load at all. So I don't know if it has issues with SAN certs, or anything other than an autoenroll certificate with only a common name, but nothing works. If Windows Admin Center Modernized Gateway still used IIS, we'd be able to get IIS to use the SAN cert like the previous version of Windows Admin Center. Is this a known issue? Anyone else having issues with SAN certs? -J
Solved
rmoat
Brass Contributor
Jan 27, 2025
473Views
0likes
5Comments
Configure RPC packet level privacy setting for incoming connections not show in group policy
Hi, it's about the group policy setting in windows server 2022, I have downloaded Windows Server 2022 Security Baseline.zip from https://www.microsoft.com/en-us/download/details.aspx?id=55319 Microsoft Security Compliance Toolkit 1.0 and imported SecGuide.adml and SecGuide.admx. I can see the MS Security Guide folder in local group policy editor, but there is no setting for "Configure RPC packet level privacy setting for incoming connections", I also try to find from All Settings, there is no such setting. Could you advice how to config it to let it show in the group policy editor or GPO. Thanks.
Solved
june_hu
Copper Contributor
Sep 11, 2024
Group Policy
Group Policy Editor
Group Policy Object
microsoft advanced group policy management
3.1KViews
0likes
2Comments
Problems with DNS Replication after upgrade
I created a new A/D Server 2022 to replace my A/D Server 2012. The install completed and the FSMO roles transferred fine. However, I cannot manage the A/D GPO. In looking at the logs, it appears that DNS cannot replicate. Password hash synchronization failed for domain: mrc.net, domain controller hostname: MIDSRVR01.mrc.net, domain controller IP address: 172.16.1.43. Details: Microsoft.Online.PasswordSynchronization.SynchronizationManagerException: Unable to open connection to domain: mrc.net. Error: There was an error establishing a connection to the directory replication service. Domain controller hostname: MIDSRVR01.mrc.net, domain controller IP address: 192.168.99.12 ---> Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsCommunicationException: There was an error establishing a connection to the directory replication service. Domain controller hostname: MIDSRVR01.mrc.net, domain controller IP address: 192.168.99.12 ---> Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsException: There was an error creating the connection context. ---> Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsCommunicationException: RPC Error 1722 : The RPC server is unavailable. Error creating the RPC binding handle The original A/D Server 2012 is multi-honed and it appears DNS is trying to use an IP Address on a private segment 192.168.99.12 which isn't available to the new Server. The new server is on segment 172.16.1.x. If I look at DNS, the server IP addresses appears in this order. How an I make the 172.16.1.43 the primary address? How can I change the IP address to point to the other segment?
Solved
Mikeg0210
Copper Contributor
Jun 07, 2024
604Views
0likes
2Comments
Cannot transfer schema using NTDSUTIL
When trying to transfer operational control to a new A/D server, I tried to use the GUI but it would not show the new A/D. I found a note which indicated to use NTDSUTIL to perform the task. When issueing the commands: roles connections connect to server dc1 - put the target DC server’s name here quit transfer infrastructure master transfer naming master transfer pdc transfer rid master transfer schema master quit quit Everything appears to be fine, however, when I issue the netdom query fsmo, all of the roles refer to the new server, but the Schema Master still points to the existing A/D server. I am part of the schema admin group but I don't know what else to do except maybe to use the Seize option which appears to be a last resort. What other settings should I look for?
Solved
Mikeg0210
Copper Contributor
May 28, 2024
ntdsutil
Server 2022
1.6KViews
0likes
4Comments
WAC Scheduled reboot for Windows Updates installation not working.
Hi guys, I've encountered an issue about scheduled reboot for windows updates installation via WAC. If I install any patch and schedule the reboot the sever will always reboot immediately after patch installation. After some digging, I think I know where the problem resides, but don't know where else to file a bug report. The PS module named Microsoft.SME.WindowsUpdate defines the function "Install-WACWUWindowsUpdates" with a parameter for $restartTime. When using WAC, the javascript takes your $restartTime and generates a script using the function stated before, with the restartTime value in en-US regional date format. Problem is, our servers are using Italian Regional format data because they're located in Italy. Thus, the date difference fails and so the server reboots immediately. Example: This line is from the PS script WAC created on the managed server to trigger the updates, the scheduled reboot time is stated as below: $restartTime = 'Thu Mar 28 2024 19:49:50+0100'; The function later uses $restartTime in order to calculate a $waitTime for shutdown.exe: $waitTime = [decimal]::round(((Get-Date $restartTime) - (Get-Date)).TotalSeconds); This difference between date items is failing because the output of the command "Get-Date" in our servers is localized in Italian: giovedì 28 marzo 2024 17:21:38 This means that the scheduled reboot feature will not work for all servers where regional format data is not the same as the "en-US" standard. I've also tried to elaborate some fix, using the "-Format" option for the Get-Date command: $currdate = Get-Date -Format "u" $convRestartTime = Get-Date $restartTime -Format "u" $waitTime=[decimal]::Round((New-TimeSpan -Start $currDate -End $convRestartTime).TotalSeconds) Trying to simulate my fix, there is no error and the difference between the dates is consistent to the reboot time indicated in the web GUI. Can someone make this feedback reach the developers of the update extensions in WAC? Do you have any other suggestion about this issue? Thanks for any input on this. Alessandro
Solved
aleilluminatilfo
Copper Contributor
Mar 28, 2024
1KViews
0likes
5Comments
Storage Migration Service Error 36890
Hello Really hoping someone can help, I have found similiar posts but they are much older and usually resolution has been to update Storage Migration Extension (I am using 4.1.0) I am receiving Error 36890 and gets stuck at loading once I reach the start the transfer stage (more details below) Source Server is 2008 R2 and Destination is Server 2022 Standard, Current server is a DC but my understanding is I will need to demote before we start the cutover? (I did also remove AD and it didnt make any difference, so have restored AD/DC as I had to abort the migration) Thanks in advance 02/03/2024-09:10:21.994 [Erro] GetTransferDeviceState request failed for job=Test error=36890: ErrorCode: 36890, Transfer was not run at Microsoft.StorageMigration.Service.StorageMigrationService.GetTransferDeviceState(String jobName, Int32 maxCount, Byte[] nextToken) [d:\os\src\base\dms\service\StorageMigrationService.ITransfer.cs::GetTransferDeviceState::2187] 02/03/2024-09:10:21.995 [Erro] ExceptionMessage : (Transfer was not run), ExceptionToString: (ErrorCode: 36890, Transfer was not run at Microsoft.StorageMigration.Service.StorageMigrationService.GetTransferDeviceState(String jobName, Int32 maxCount, Byte[] nextToken) at SyncInvokeGetTransferDeviceState(Object , Object[] , Object[] ) at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs) at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc) at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc) at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage11(MessageRpc& rpc) at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)) [d:\os\src\base\dms\service\ErrorHandlerBehaviorAttribute.cs::HandleError::37]
Solved
Whytey88
Copper Contributor
Feb 03, 2024
3.1KViews
3likes
25Comments
Windows Admin Center Alert Creation
Dear Support, Kindly help me with the Alerts. Is there a way I configure Alerts on windows admin center and receive emails like server rebooted etc.
Solved
Seema_Kanwa655
Copper Contributor
Dec 29, 2023
1.9KViews
0likes
3Comments
about my laptop
how can I change my laptop 10 to 11 .why its impossible
Solved
georgevarghese
Copper Contributor
Jul 08, 2023
662Views
0likes
1Comment
Block Usb and allow certain Users using Groups
Hi, how would go about blocking the majority of users to usb and allow administrators access to usb, is this possible? Using groups? Thanks
Solved
Ryanp123
Copper Contributor
Mar 13, 2023
1.4KViews
0likes
3Comments
Storage Migration Service Inventory Errors
Hi, I am running Windows Server 2019 Storage Migration Service to migrate a Windows Server 2019 Server to Windows Server 2019 (because of system errors). Inventory process for source server shows failed folders and files, but I can't figure out how to find exactly which folders and files were failed to scan. I have tried to check event log, but there is nothing related to the files and folders. How can I find out specific folders and files that SMS failed to process?
Solved
PavelDyachukWork
Copper Contributor
Jan 19, 2023
1.2KViews
0likes
1Comment

Resources

Tags

Windows Admin Center31 Topics
WAC30 Topics
Storage Migration Service12 Topics
Admin Center7 Topics
Active Directory6 Topics
Windows Server6 Topics
Group Policy5 Topics
Error4 Topics
azure4 Topics
General3 Topics