Ask a question

0

Post-deployment Configuration failed: Configuration required for DirectAccess and VPN (RAS) on Windows Server 2016

After what seemed a successful, new Windows Server 2016 Standard installation and CertifyTheWeb installed Let's Encrypt SSL Certificate, I have an alert in the Server Manager: 

Post-deployment Configuration failed: Configuration required for DirectAccess and VPN (RAS) at <server-name>.

I clicked on "Open the Getting Started Wizard" and get the message:

"File C:\Windows\system32\RAMgmt.UI.exe is not available because the required management tools are not installed.  Use the Add Roles and Features Wizard to install the Remote Server Administration Tools."

I went to the Add Roles and Features Wizard, but cannot find Remote Server Administration Tools to install.

I think I found where I could download Remote Server Administration Tools, but trying to run the installer results in a message that says "Windows Update Standalone Installer: The update is not applicable to your computer."

https://docs.microsoft.com/en-us/windows-server/remote/remote-server-administration-tools

https://www.microsoft.com/en-us/download/details.aspx?id=45520 Any insight on this would be greatly appreciated. Thank you, James

---

• Windows Server 2016 Standard

asked07/16/2018 01:59

1151 views

Add Comment

1 Answer(s)

• 

  0

  No need to install that and ignore that warning.

  ---

  answered 07/16/2018 04:54

  Add Comment

  

  Thanks again Mariette for the quick reply!  You rock!!  :)  Any chance you could explain a little bit why I can just ignore this post-deployment configuration?

  Thank you again!
  James

  

  Hi Mariette,

  Another question for you.  I had my server off for a couple of days, and after turning it back on, I've got alerts in both the Essentials Dashboard and Server Manager regarding RDP ...

  1. Essentials Dashboard > Home > Health Monitoring > Critical: Remote Desktop Services is not configured correctly. You must configure Remote Desktop Services to remotely connect to computers in the network.
  2. Server Manager > Dashboard > Remote Desktop Services > 1 Event > Server Name: <ServerName>, ID: 103, Severity: Critical, Source: Microsoft-Windows-TerminalServices-Gateway, Log: Microsoft-Windows-TerminalServices-Gateway/Operational, Date and Time: 7/24/2018 2:29:14 PM.
  3. Server Manager > Remote Desktop Services > Events > The Remote Desktop Gateway service does not have sufficient permissions to access the Secure Sockets Layer (SSL) certificate that is required to accept connections. To resolve this issue, bind (map) a valid SSL certificate by using RD Gateway Manager. For more information, see "Obtain a certificate for the RD Gateway server" in the RD Gateway Help. The following error occurred: "2147942487".

  I tried rerunning the Anywhere Access configuration again, first time disabling VPN and RPD, second time re-enabling them, but that didn't help.  The Essentials Dashboard returned the message: There is an error in your Remote Desktop Services settings.

   

  For a little more background, you may recall that I followed your most excellent tutorial "Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it," which worked perfectly, so I don't know exactly what I did to cause this or what happened.  I did install Emby Media Server (emby.media) on this server, but I'm almost positive I was getting this alert before that.  Not 100% positive though.  Can you help me please?

   

  Thanks,

  James

  ---

  replied 07/24/2018 21:12

  

  James,

  You should run the server 24/7. Did you check out this There is an error in your remote desktop services settings when you run the Repair Access wizard. Does Access Anywhere work? Some of those messages could well be timing related.

  ---

  replied 07/25/2018 09:17

  

  Hi Mariette,

  Thanks for getting back to me!  Actually, yes, Access Anywhere seems to be working!  I had the server off for a couple days making some hardware adjustments; normally the server will stay on 24/7.  I will keep an eye on it and see if the events happen again after the server has been up for awhile to see if it's just timing again.

  In the meantime, keeping in mind how I did my setup [following your tutorial mentioned earlier, which I cannot thank you enough for posting!!  :)], let me run this by you: I also have a Warning going on:

  Essentials Dashboard > Home > Health Monitoring … Warning: BPA scan results contain Warnings > BPA scan on 7/10/2018 2:00:22 AM found 1 warnings in your system.  Open Server Manager, click the Windows Server Essentials tab, and view additional details in the Best Practices Analyzer section.

  Server Manager > Windows Server Essentials tab > Best Practice Analyzer … Warning: A host name exists for port 80 on the default website.
  Problem: A host name is assigned for port 80 on the default website.
  Impact: If a host name is assigned for port 80 on the default website, you may not be able to connect to some Windows Server Essentials web applications. A host name is not required and is not recommended in this situation.
  Resolution: To resolve this problem, follow these steps to delete the host name entry:

  1. Open Internet Information Services (IIS) Manager on the server.
  2. In IIS Manager, expand your server name and then click Sites.
  3. In Features View, right-click Default Web Site, and then click Bindings.
  4. In Site Bindings, select the http for port 80 setting, and then click Edit.
  5. In Edit Site Binding, clear the Host name entry, and then click OK.

  Scan time: 7/10/2018 8:00:21 AM

  Server Manager > Tools > Internet Information Services (IIS) Manager > Sites > Default Web Site > Bindings > Site Bindings (there a five entries here):

  1. Type: http, Host Name: <blank>, Port: 80, IP Address: *, Binding Information: <blank>
  2. Type: http, Host Name: remote.<DomainName>.com, Port: 80, IP Address: *, Binding Information: <blank>
  3. Type: HTTPS, Host Name: <blank>, Port: <blank>, IP Address: <blank>, Binding Information: *443:
  4. Type: HTTPS, Host Name: <blank>, Port: <blank>, IP Address: <blank>, Binding Information: *443:<ServerName>
  5. Type: https, Host Name: remote.<DomainName>.com, Port: 443, IP Address: *, Binding Information: <blank>

  There are two http entries for port 80.  If I follow the instructions given by the "Best Practices Analyzer," won't that mess up what I setup following your tutorial?

  Thanks again Mariette,
  James

  ---

  replied 07/25/2018 15:59

  

  That entry for remote.domain.com was probably added by you manually when you installed the Lets Encrypt certificate? If so, you may remove that. For the rest don't bother with that BPA report because it does not understand the Essentials family of things, it assumes this is Standard. Ignore those BPA warnings.

  ---

  replied 07/25/2018 16:15

  

  Yes, I'm pretty sure I added the second entry manually when I installed the let's Encrypt SSL Certificate; it's Step 1.3 in your tutorial.  That's why I wasn't sure about changing it.  Was this just a temporary addition for the process?  So you're saying I should be able to keep the first entry, but remove the second?

  1. KEEP? Type: http, Host Name: <blank>, Port: 80, IP Address: *, Binding Information: <blank>
  2. REMOVE? Type: http, Host Name: remote.<DomainName>.com, Port: 80, IP Address: *, Binding Information: <blank>

  Thanks,
  James

  ---

  replied 07/25/2018 16:25

  

  Yes, once the Certify the Web tool has successfully run you can remove the remote.domain.com binding. So, # 2 is valid

  ---

  replied 07/26/2018 07:56

  ---

  Reply

  replied 07/16/2018 14:24

  Your browser doesn't have Flash, Silverlight or HTML5 support.

  Reply Cancel