Cant't install offline extension

%3CLINGO-SUB%20id%3D%22lingo-sub-1683239%22%20slang%3D%22fr-FR%22%3ECant't%20install%20offline%20extension%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1683239%22%20slang%3D%22fr-FR%22%3E%3CP%3E%3CSPAN%3EHi%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhen%20I%20try%20to%20install%20an%20offline%20extension%20(Active%20directory%2C%20DNS%2C%20DHCP%2C%20...)%2C%20I%20receive%20the%20following%20error%20message.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CPRE%20class%3D%22lia-code-sample%20language-applescript%22%3E%3CCODE%3ECouldn't%20install%20the%20extension%3A%20'DNS%20(Preview)'.%20Error%3A%20Failed%20to%20install%20package%20msft.sme.dns.%20Error%3A%20The%20underlying%20connection%20was%20closed%3A%20Could%20not%20establish%20trust%20relationship%20for%20the%20SSL%2FTLS%20secure%20channel.%3C%2FCODE%3E%3C%2FPRE%3E%3CP%3E%3CBR%20%2F%3EMy%20server%20does%20have%20a%20%22web-server%22%20certificate%20signed%20by%20my%20certification%20authority%20(recognized%20on%20the%20domain)%20and%20is%20accessible%20via%20https.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EA%20way%20to%20solve%20this%20problem%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1685172%22%20slang%3D%22en-US%22%3ERe%3A%20Cant't%20install%20offline%20extension%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1685172%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F798615%22%20target%3D%22_blank%22%3E%40FabienD%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3EI%20too%20am%20failing%20to%20install%20Windows%20Admin%20Center%20extensions%20in%20an%20offline%20mode%2C%20but%20with%20a%20different%20error.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI've%20success%20fully%20copied%20all%20the%20.nupkg%20files%20to%20the%20%22C%3A%5Ctemp%22%20directory%20on%20the%20WAC%20server%20itself.%3C%2FP%3E%3CP%3EI've%20successfully%20registered%20the%20feed%20%22C%3A%5Ctemp%22%20and%20the%20.nupkg%20files%20do%20indeed%20show%20up%20in%20the%20%22Available%20extensions%22%20area.%3C%2FP%3E%3CP%3EHowever%20--%20when%20you%20click%20%22Install%22%20it%20fails%20with%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EERROR%3A%3C%2FP%3E%3CP%3E%3CSPAN%3ECouldn't%20install%20the%20extension%3A%20'Active%20Directory'.%20Error%3A%20Failed%20to%20install%20package%20msft.sme.active-directory.%20Error%3A%20Unable%20to%20connect%20to%20the%20remote%20server%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EI've%20tried%20making%20the%20%22C%3A%5Ctemp%22%20directory%20have%20%22Everyone%22%20%3D%20%22Full%22%20NTFS%20permissions.%20No%20change.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EI've%20tried%20accessing%20the%20WAC%20console%20with%20FQDN%2Fshortname%2Flocalhost%20and%20127.0.0.1%20in%20the%20URL%20field.%20Same%20error.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3ETried%20rebooting%20the%20WAC%20server%20after%20registering%20the%20new%20%22C%3A%5Ctemp%22%20feed.%20Same%20error.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EThe%20puzzling%20piece%20is%20%22unable%20to%20connect%20to%20the%20remote%20server%22%20which%20doesn't%20make%20sense%20as%20it%20is%20connecting%20to%20itself.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22wac_1.jpg%22%20style%3D%22width%3A%20828px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F219666iF82BE90D3E4CFE46%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22wac_1.jpg%22%20alt%3D%22wac_1.jpg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Visitor

Hi,

 

When I try to install an offline extension (Active directory, DNS, DHCP, ...), I receive the following error message.

 

Couldn't install the extension: 'DNS (Preview)'. Error: Failed to install package msft.sme.dns. Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.


My server does have a "web-Server" certificate signed by my certification authority (recognized on the domain) and is accessible via https.

 

A way to solve this problem?

 

Thank you

 

 

2 Replies
Highlighted

@FabienD 

 I too am failing to install Windows Admin Center extensions in an offline mode, but with a different error.

 

I've success fully copied all the .nupkg files to the "C:\temp" directory on the WAC server itself.

I've successfully registered the feed "C:\temp" and the .nupkg files do indeed show up in the "Available extensions" area.

However -- when you click "Install" it fails with:

 

ERROR:

Couldn't install the extension: 'Active Directory'. Error: Failed to install package msft.sme.active-directory. Error: Unable to connect to the remote server

 

I've tried making the "C:\temp" directory have "Everyone" = "Full" NTFS permissions. No change.

I've tried accessing the WAC console with FQDN/shortname/localhost and 127.0.0.1 in the URL field. Same error.

Tried rebooting the WAC server after registering the new "C:\temp" feed. Same error.

The puzzling piece is "unable to connect to the remote server" which doesn't make sense as it is connecting to itself.

wac_1.jpg

Highlighted

@pbergergeoblue  about the error: Unable to connect to the remote server i already opened a case to Microsoft.

what i can say is:

- even if WAC internet access is set to No access, it still goes to Internet.

- even if we open internet access to the whitelist URLs for WAC service

the following URLs are not enough

https://management.azure.com/

https://graph.microsoft.com

https://login.microsoftonline.com

https://pkgs.dev.azure.com/

https://aka.ms/sme-extension-feed

 

as it seems it goes to the following URLs as well

*. blob.core.windows.net

*. store.core.windows.net

 

anyway if you open the access to all  Microsoft Public IP address blocks  https://www.microsoft.com/en-us/download/details.aspx?id=53602 

it works...

 

I'm still waiting an official answer about the full/complete/right list of URLs to be whitelisted... if the server has no direct internet access...