KB2757011 interrupts Remote Web Access in SBS / WHS11 – Fixed!

0

I don’t recommend anyone to use a WHS2011 inline box, it’s just for fun.

I have an old Windows Home Server 2011 box (very similar to 2008 R2), which I’m running just for fun. (See this thread where I corrected the server backup). It does not contain any important files. I’m having a great time continuing for some reason, but this year I ran into an issue that I wanted to document here in case it helps anyone else.

The two semi-related issues I encountered this year were as follows:

  1. On the dashboard, the “Configure” button under Domain name simply displayed an error when you clicked.
  2. For existing configurations, the free domain name .homeserver.com was no longer updated with the current IP address.

This week I dived to see if this functionality could be restored.

Dive into the SharedServiceHost-DomainManagerServiceConfig log, I could see entries like this.

DomainManager: Throwing FaultException with detail DomainManagerFault:[Reason:CommunicationFailure, Message:UpdateDNS failed, Detail:An error occurred while making the HTTP request to https://dyndns.domains.live.com/service/livedyndns.asmx. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server. ]

Originally, I thought the dyndns.domains.live.com site was outdated and Home Server 2011 was no longer officially supported. To my surprise, I was able to access the site through a browser, so what was going on? This directed me to the second part of the error message, security.

I first found this site which tells you how to increase security on SBS 2011, which is very similar to WHS 2011: https://windowspoweressentials.com/2015/12/14/sbs-2011-standard-disable-tls-1-0/

Going through the steps and restarting I still ran into the same issue, but on the site it mentions a Hass Alexander PowerShell script that takes it to the next level when it comes to increasing web security. The script can be found here: https://www.hass.de/content/setup-microsoft-windows-or-iis-ssl-perfect-forward-secrecy-and-tls-12

I ran the script and restarted when prompted. I then restarted a second time after the script finished and to my surprise it worked! Using Nslookup I was able to verify that the .homeserver.com domain name I was using now had my current IP address and the logs no longer showed error entries, great! The server also got an “A” rating on the SSL server test site lol.

Now let’s move on to configuring the dashboard. Looking at the Dashboard.log file, when you try the button you will see the following entry:

DomainConfigWizard: Error occurred in Domain Manager Object Model operations: System.Net.WebException: The remote name could not be resolved: 'www.microsoft-sbs-domains.com'

On a new installation of WHS2011 in a virtual machine, the configure button still works fine, so it is not a dependency that has been changed, it is something internal to the system. I then started applying the recommended updates to the new install a few at a time, testing the configure button in between until I saw the error. I was able to narrow the issue down to KB2757011 which is a cumulative update for the system. Removing the update will restore the functionality of the configure button.

But what broke that in particular? Using WinMerge to compare the contents of the filesystem before and after the update, I had a few things to dig into. After testing by replacing different files “before update” on a virtual machine where the update was applied, I found out that it was Wssg.Web.DomainConfigWizard.dll in the Program Files Windows Server Bin folder. The new post-update file is dated 03/11/2012, and the pre-update version that comes on a new server install was dated 03/02/2011 on my system. I just renamed the 2012 file bak_ and then copied the working version 2011 to the directory.

After a restart, this button also worked again! I was able to sign up for a new free domain homeserver.com and was able to switch to my own provider. Again this was just for fun I will shut down the server now but wanted to share in case anyone here is in a similar boat.

Published by protivakid, September 21, 2021 – 6:01 PM.


Source link

Leave A Reply

Your email address will not be published.