How can we improve the management tools and experience in Windows Server?

Upgrading from Honolulu 1802 to Windows AdminCenter 1804 - site cannot be reached

Hello,
I have just done the upgrade, it went well, no errors but now the website cannot be reached anymore both from the local server (server 2016) and from other machines.
If I go to the EventLog, I can see a lot of errors like this one :
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="SMEGateway" />
<EventID Qualifiers="0">0</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2018-04-13T05:43:09.737478300Z" />
<EventRecordID>1912847</EventRecordID>
<Channel>Microsoft-ServerManagementExperience</Channel>
<Computer>xxxxxxxxxxxxxxxxxxxx</Computer>
<Security />
</System>
- <EventData>
<Data>Signature verificate failed for plugin: C:\Program Files\Windows Admin Center\Esent.Interop.dll</Data>
</EventData>
</Event>

Signature verificate failed for plugin: C:\Program Files\Windows Admin Center\Microsoft.Diagnostics.Tracing.EventSource.dll
Signature verificate failed for plugin: C:\Program Files\Windows Admin Center\Microsoft.ManagementExperience.Cim.dll
Signature verificate failed for plugin: C:\Program Files\Windows Admin Center\Microsoft.ManagementExperience.FeatureInterface.dll
Signature verificate failed for plugin: C:\Program Files\Windows Admin Center\Microsoft.ManagementExperience.FrontEnd.dll

Do I need to uninstall the Preview first ?

5 votes
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Marc Vanderhaegen shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
    planned  ·  AdminDaniel Lee [MSFT] (Admin, Windows Server) responded  · 

    Recently we’ve hardened the Windows Admin Center security by adding file signature verification. The API we currently use for this requires a one-time internet connection to verify signatures, hence you’ll see errors in non-connected environments.

    We’re planning to change the API we use for signature verification in the next version of Windows Admin Center so that we do not require an internet connection to verify.

    Changing DevMode to 1 is intended for SDK development purposes and disables signature verification and other security checks, so we do not recommend changing this in production environments.

    6 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Stavr Ognev commented  ·   ·  Flag as inappropriate

        All worked fine in 1803 build. With upgrade to 1804 can't start service any more because of verification failure.

      • Troy Davis commented  ·   ·  Flag as inappropriate

        I uninstalled Honolulu first and then installed WAC on my Win10 machine. I also get the site can't be reached. However, I never got the chance to select the certificate as indicated in the install.

        The webpage at https://localhost:6516/ might be temporarily down or it may have moved permanently to a new web address.
        ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY

        Any suggestions on getting this working again? I've tried the DevMode and it doesn't do anything. I've verified the directory is deleted (I've uninstalled/reinstalled twice now) and still get the same error about INADEQUATE TRANSPORT SECURITY.

      • Marc Vanderhaegen commented  ·   ·  Flag as inappropriate

        Thanks Jason, I manage to connect this server to the Internet through our proxy who only allows some specific addresses (Office 365/ Azure), restarted the service, and the problem was solved. In the eventlog there were events that the signature of the files had been verified and now the site is available even when the key DevMode is set to blank.

      • Jason Fossen commented  ·   ·  Flag as inappropriate

        Nice catch Marc! I can confirm that setting DevMode=1 works on the eval version of Server 2016 Datacenter too; this change creates the listening port after restarting the service.

        Microsoft, please either allow the Admin Center to install and run on an air-gapped eval version of Server 2016 with no updates, or release a new eval ISO with the necessary update installed, or at least do not remove the DevMode=1 trick to get it to work.

      • Marc Vanderhaegen commented  ·   ·  Flag as inappropriate

        I found a solution, I don't know if it is the right one but it works.
        I went through the registry and found these keys :
        Windows Registry Editor Version 5.00

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ServerManagementGateway]
        "Version"="1.1.20642.0"
        "InstallDir"="C:\\Program Files\\Windows Admin Center\\"
        "SmePort"="6516"
        "UseHttps"="1"
        "DevMode"=""
        "DataEncryptionCertificateThumbprint"="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

        I was intrigued by the value DevMode and changed it to 1, restarted the service and voila :-)
        Now the website is up and running.

        I did the same procedure on a test server (I was having the same problem on a newly deployed 2016 server) and it solves also the problem.

        The problem with the website and the signature messages are related because now in the Eventlog I can see this events : source : SMEGaateway, Event ID 0, Warning, "Unsigned DLL identified: C:\Program Files\Windows Admin Center\Esent.Interop.dll. When run in Production Mode, this will cause the gateway to not run'.

        How is it possible to solve the verification problem ? my servers are not able to communicate with the Internet.
        In the docs it is said : "Signature verification failed
        If you install Windows Admin Center on a machine that has never been online to receive updates, the application may crash with Signature verification failed errors in the event log. After taking updates, the issue will be resolved."
        After taking which updates ?

        Thanks in advance for your help

      Feedback and Knowledge Base