Quick Fix : Clean-up Duplicate Remote Web Access Certificates

July 4, 2018 by 16 Comments

SSLI noticed this thread in the forum a while ago, and setup a Lab network to reproduce it. Sure enough after a few days, my local machine certificate store is full of duplicated certificates.

The issue only seems to affect Essentials 2016 and only if you are using the free remotewebaccess.com certificates.

The issue is also discussed here on the MCB Systems blog.

Unfortunately for me work took over and i was not able to spend any more time on it, and with responses from Microsoft for any Essentials related issue being, shall we say, pedestrian, i wont be holding out any hope of a fix soon.

That doesn’t mean I can’t use it as an excuse to do some PowerShell though, which is about the only thing keeping my attention in the IT world these days.

So, run this in PowerShell in an elevated window, use the parameter ‘AutoClean’ as ‘Yes’ to automatically remove all the duplicates, and use the parameter ‘AddTask’ to have it setup a scheduled task to do this every day for you at 4am.

Duplicate Cert

On my LAB system, the duplicate certificates was the only issue, the new certificate had been installed correctly to IIS, and to RRAS for VPN Connections.

Filed under 2016, Essentials, General, PowerShell Tagged with , , ,

Unknown's avatarAbout Robert Pearman
Robert Pearman is a UK based IT worker bee. He has been working within the IT Industry for what feels like forever. Robert likes Piña colada and getting caught in the rain, he also enjoys writing about Technology like PowerShell or System Automation but not as much as he used to. If you're in trouble, and you can find him, maybe you can ask him a question.

16 Responses to Quick Fix : Clean-up Duplicate Remote Web Access Certificates

  1. John m. Keller's avatar John m. Keller says:
    July 4, 2018 at 3:13 am

    Thanks Robert, that the next step I was working on with my new 2016 Essentials Server setting up the RWA. I’ll be sure to implement this.

    Reply
  2. miles267's avatar miles267 says:
    July 9, 2018 at 1:54 am

    Is it possible to do an in-place upgrade from WSE12R2 to WSE16? I’m still running WSE12R2 have everything configured and working, including DirectAccess.

    Reply
  3. Lars-Erik Andersson's avatar Lars-Erik Andersson says:
    September 12, 2018 at 10:05 am

    Hi

    This problem also affect Essentials 2012R2.
    Is there a way to make the script work on 2012R2?

    Reply
  4. Dave Allen's avatar Dave Allen says:
    October 11, 2018 at 6:39 am

    Is there any chance of this being edited to work with Essentials 2012 R2?

    Reply
  5. martin's avatar martin says:
    November 8, 2018 at 11:09 am

    hello Robert, i dind’t get it completly, is your powershell a workaround or fixing the issue or just prevent?

    Reply
  6. John Anderson's avatar John Anderson says:
    December 4, 2018 at 1:38 pm

    Hi Robert,

    I still cannot believe this issue has not been resolved by Microsoft yet!
    I remember discussing this with you in July 2017!
    Just a bit of further info/

    1. It does seem to affect both 2012 and 2016 in both Essentials and Standard formats
    2. For those hoping to use traditional DNS editing and Certify the Web as an alternate solution… It still happens albeit on a less regular basis (bi-weekly or monthly).

    I’m assuming that your powershell script should be considered best practice these days on all IIS/SSTP servers ?

    Reply
  7. Gordon Currie's avatar Gordon Currie says:
    May 4, 2022 at 10:00 pm

    As with all code posted to the Galley, this has disappeared completely. Highlights the usefulness of actually posting code on the page. Any way you could post this in a 2022-accessible location?

    Reply

Leave a reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.