Ask a question

0

Access Anywhere Let's Encrypt Renewal

I originally configured this using your tutorial before it included the Certify the Web app and have moved to that app since then.  I'm doing this on two Essentials servers, one with 2012 R2 and one with 2016.

My problem on both servers is that Access Anywhere does not register the renewals.  CtW renews correctly and IIS gets the new certificate, but every three months I have to export the certificate from the personal store and import it into Access Anywhere because the dashboard notifies me of an expired certificate and Access Anywhere stops allowing connections through it to the users' workstations.  The export/import always works to restore service, but I was hoping that there might be some way to get this process automated.  I've managed to head off the complaints after the first time by manually doing the export/import each renewal, but...

Any ideas anybody has would be appreciated.

---

• SSL Certificate
• Windows Server Essentials 2012 R2
• Windows Server Essentials 2016

asked11/03/2018 03:02

253 views

Add Comment

1 Answer(s)

• 

  0

  Hello Rick,

  The latest version of Certify the Web has the option to run a Powershell script that 'renews' the certificate in Remote Desktop Gateway, see screenshot.

  

  The script I use is this

  # Replace-RDGatewayCertificate.ps1
  Param($result)
  
  # Use the RDS PowerShell module, if available.
  # If not, we'll have to set it manually via WMI.
  Import-Module RemoteDesktopServices -ErrorAction SilentlyContinue
  $RDSPath = "RDS:\GatewayServer\SSLCertificate\Thumbprint"
  If (Test-Path $RDSPath) {
      Set-Item -Path $RDSPath -Value  $result.ManagedItem.CertificateThumbprintHash -ErrorAction Continue
  } Else {
      # Convert the certificate thumbprint from a String into a Byte[] that WMI can understand.
      # The next line is courtesy of: http://www.beefycode.com/post/Convert-FromHex-PowerShell-Filter.aspx
      $ByteArray = ($result.ManagedItem.CertificateThumbprintHash -Split "(?<=\G\w{2})(?=\w{2})" | ForEach {[Convert]::ToByte($_,16)})
      $wmi = (Get-WmiObject -Class "Win32_TSGatewayServerSettings" -Namespace "root\cimv2\terminalservices")
      $wmi.SetCertificate($ByteArray)
  }
  # Uncomment the next cmdlet to automatically restart the RD Gateway service.
  # This is required to apply the new certificate, but it will briefly disconnect all users.
  Restart-Service TSGateway -ErrorAction Continue

   

  ---

  answered 11/03/2018 19:04

  Add Comment

  

  Thanks, Mariette!

  I was just starting to research the Powershell RDS module.  You saved me a lot of time.  Thank you!

  

  Thanks Rick! Hopefully, the development of a Let's Encrypt solution for Windows Server Essentials gets reliable now. I have had some issues also but with the latest version of Certify the Web and those Powershell scripts it works fine as far as I can see. I also use it on some on-premise Exchange Server 2016.

  ---

  replied 11/05/2018 14:36

  ---

  Reply

  replied 11/05/2018 14:23

  Your browser doesn't have Flash, Silverlight or HTML5 support.

  Reply Cancel