Cant't install offline extension

Copper Contributor



When I try to install an offline extension (Active directory, DNS, DHCP, ...), I receive the following error message.


Couldn't install the extension: 'DNS (Preview)'. Error: Failed to install package msft.sme.dns. Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

My server does have a "web-Server" certificate signed by my certification authority (recognized on the domain) and is accessible via https.


A way to solve this problem?


Thank you



3 Replies


 I too am failing to install Windows Admin Center extensions in an offline mode, but with a different error.


I've success fully copied all the .nupkg files to the "C:\temp" directory on the WAC server itself.

I've successfully registered the feed "C:\temp" and the .nupkg files do indeed show up in the "Available extensions" area.

However -- when you click "Install" it fails with:



Couldn't install the extension: 'Active Directory'. Error: Failed to install package Error: Unable to connect to the remote server


I've tried making the "C:\temp" directory have "Everyone" = "Full" NTFS permissions. No change.

I've tried accessing the WAC console with FQDN/shortname/localhost and in the URL field. Same error.

Tried rebooting the WAC server after registering the new "C:\temp" feed. Same error.

The puzzling piece is "unable to connect to the remote server" which doesn't make sense as it is connecting to itself.


@pbergergeoblue  about the error: Unable to connect to the remote server i already opened a case to Microsoft.

what i can say is:

- even if WAC internet access is set to No access, it still goes to Internet.

- even if we open internet access to the whitelist URLs for WAC service

the following URLs are not enough


as it seems it goes to the following URLs as well




anyway if you open the access to all  Microsoft Public IP address blocks 

it works...


I'm still waiting an official answer about the full/complete/right list of URLs to be whitelisted... if the server has no direct internet access...








@Chris81 about your answer:

"anyway if you open the access to all  Microsoft Public IP address blocks 

it works..."

How can you exactly open these Microsoft Public IP address blocks?


Wish you a nice Day!