Forum Discussion
Cant't install offline extension
Hi,
When I try to install an offline extension (Active directory, DNS, DHCP, ...), I receive the following error message.
Couldn't install the extension: 'DNS (Preview)'. Error: Failed to install package msft.sme.dns. Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
My server does have a "web-Server" certificate signed by my certification authority (recognized on the domain) and is accessible via https.
A way to solve this problem?
Thank you
3 Replies
I too am failing to install Windows Admin Center extensions in an offline mode, but with a different error.
I've success fully copied all the .nupkg files to the "C:\temp" directory on the WAC server itself.
I've successfully registered the feed "C:\temp" and the .nupkg files do indeed show up in the "Available extensions" area.
However -- when you click "Install" it fails with:
ERROR:
Couldn't install the extension: 'Active Directory'. Error: Failed to install package msft.sme.active-directory. Error: Unable to connect to the remote server
I've tried making the "C:\temp" directory have "Everyone" = "Full" NTFS permissions. No change.
I've tried accessing the WAC console with FQDN/shortname/localhost and 127.0.0.1 in the URL field. Same error.
Tried rebooting the WAC server after registering the new "C:\temp" feed. Same error.
The puzzling piece is "unable to connect to the remote server" which doesn't make sense as it is connecting to itself.
pbergergeoblue about the error: Unable to connect to the remote server i already opened a case to Microsoft.
what i can say is:
- even if WAC internet access is set to No access, it still goes to Internet.
- even if we open internet access to the whitelist URLs for WAC service
the following URLs are not enough
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmanagement.azure.com%2F&data=02%7C01%7Ca-adluta%40microsoft.com%7C0c944d9316e7461d0de208d86510621d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637370468368737877&sdata=w4ax%2BGAfh8i2k%2FYrcO0Nc0hAUc%2Fpkrl0zTb5ABgqGmg%3D&reserved=0
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgraph.microsoft.com%2F&data=02%7C01%7Ca-adluta%40microsoft.com%7C0c944d9316e7461d0de208d86510621d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637370468368737877&sdata=x20jLlJcr966OdJxeDMyMGbTSsDSFKZfiK3BjQ74cJk%3D&reserved=0
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flogin.microsoftonline.com%2F&data=02%7C01%7Ca-adluta%40microsoft.com%7C0c944d9316e7461d0de208d86510621d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637370468368747870&sdata=s3NQHiWRwc%2FYVnX1C8p%2BvV8fSghvykb91dcieg8ffyo%3D&reserved=0
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpkgs.dev.azure.com%2F&data=02%7C01%7Ca-adluta%40microsoft.com%7C0c944d9316e7461d0de208d86510621d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637370468368747870&sdata=2%2FDAU3faxsOkOWgHUaIdBPqKI7Qbk9ZzI0GdOdSboyc%3D&reserved=0
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Faka.ms%2Fsme-extension-feed&data=02%7C01%7Ca-adluta%40microsoft.com%7C0c944d9316e7461d0de208d86510621d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637370468368757864&sdata=NqiEyx43jeTWb7xG2U%2FmjUq6OWD%2Bba7Hgqtbq5MfW3w%3D&reserved=0
as it seems it goes to the following URLs as well
*. blob.core.windows.net
*. store.core.windows.net
anyway if you open the access to all Microsoft Public IP address blocks https://www.microsoft.com/en-us/download/details.aspx?id=53602
it works...
I'm still waiting an official answer about the full/complete/right list of URLs to be whitelisted... if the server has no direct internet access...
