Quick Fix : Clean-up Duplicate Remote Web Access Certificates

SSLI noticed this thread in the forum a while ago, and setup a Lab network to reproduce it. Sure enough after a few days, my local machine certificate store is full of duplicated certificates.

The issue only seems to affect Essentials 2016 and only if you are using the free remotewebaccess.com certificates.

The issue is also discussed here on the MCB Systems blog.

Unfortunately for me work took over and i was not able to spend any more time on it, and with responses from Microsoft for any Essentials related issue being, shall we say, pedestrian, i wont be holding out any hope of a fix soon.

That doesn’t mean I can’t use it as an excuse to do some PowerShell though, which is about the only thing keeping my attention in the IT world these days.

So, run this in PowerShell in an elevated window, use the parameter ‘AutoClean’ as ‘Yes’ to automatically remove all the duplicates, and use the parameter ‘AddTask’ to have it setup a scheduled task to do this every day for you at 4am.

Duplicate Cert

On my LAB system, the duplicate certificates was the only issue, the new certificate had been installed correctly to IIS, and to RRAS for VPN Connections.

About Robert Pearman
Robert Pearman is a UK based Small Business Server enthusiast. He has been working within the SMB IT Industry for what feels like forever. Robert likes Piña colada and taking walks in the rain, on occasion he also enjoys writing about Small Business Technology like Windows Server Essentials or more recently writing PowerShell Scripts. If you're in trouble, and you can find him, maybe you can ask him a question.

16 Responses to Quick Fix : Clean-up Duplicate Remote Web Access Certificates

  1. Thanks Robert, that the next step I was working on with my new 2016 Essentials Server setting up the RWA. I’ll be sure to implement this.

  2. miles267 says:

    Is it possible to do an in-place upgrade from WSE12R2 to WSE16? I’m still running WSE12R2 have everything configured and working, including DirectAccess.

  3. Hi

    This problem also affect Essentials 2012R2.
    Is there a way to make the script work on 2012R2?

  4. Dave Allen says:

    Is there any chance of this being edited to work with Essentials 2012 R2?

  5. martin says:

    hello Robert, i dind’t get it completly, is your powershell a workaround or fixing the issue or just prevent?

  6. John Anderson says:

    Hi Robert,

    I still cannot believe this issue has not been resolved by Microsoft yet!
    I remember discussing this with you in July 2017!
    Just a bit of further info/

    1. It does seem to affect both 2012 and 2016 in both Essentials and Standard formats
    2. For those hoping to use traditional DNS editing and Certify the Web as an alternate solution… It still happens albeit on a less regular basis (bi-weekly or monthly).

    I’m assuming that your powershell script should be considered best practice these days on all IIS/SSTP servers ?

  7. Gordon Currie says:

    As with all code posted to the Galley, this has disappeared completely. Highlights the usefulness of actually posting code on the page. Any way you could post this in a 2022-accessible location?

Leave a reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: