
WHS 2011 – This computer is unable to establish a trust relationship with the server. Verify that the computer’s date and time are accurate and try again.

When I try to connect a new client to my Windows Home Server 2011 (WHS 2011) I get this message: "Cannot connect this computer to the network. This computer is unable to establish a trust relationship with the server. Verify that the computer’s date and time are accurate and try again."

The problem started when I had some other problems that I can’t recall now. But to solve them I had to generate a new CA certificate. I didn’t notice the problem with the Connector software for at least 6 months, so I didn’t connect the dots until now.

 

Test Scenario

I have set up a virtual environment to replicate the problem. I have one WHS2011 (Server) and two Windows 7 Pro x64 clients (Client01 with User01 & Client02 with User02).

  1. Install the connector software on Client01.
  2. Create a new CA certificate.
  3. Try to install connector software on Client02
  4. Generate a certificate for the Server
  5. Install connector software on Client02
  6. Check client status in the Dashboard
  7. Reinstall the connector software on Client01

 

Client01

I installed the connector software on Client01 from http://server/connect, using the default settings. The installation was successful and the client computer is green in the server dashboard.

 

Server

Log on to the server with RDP. Start the Windows Home Server 2011 Dashboard and open the Computers and Backup tab. Client01 is showing up with the status Online.

Start an MMC and add the Snap-in for Certificates (Local Computer). Open Personal Certificates.

I now have two certificates: one for the Certification Authority (CA) and one for the computer account of the server itself.

 

Start the Certification Authority from Administrative Tools.

Select the server, right-click and choose Properties.

I now only have one CA certificate. Close the Properties dialog.

Select the server again, right-click and choose All Tasks, Renew CA Certificate…

Press Yes.


Select Yes and press OK.

When the wizard finishes, open Properties for the server again.

Now I have two CA certificates, but it is the new one that will be used to generate certificates.

Go back to the MMC with Certificates (Local Computer) and check under Personal Certificates.

Now there are two CA certificates but only one certificate for the computer account. Open the certificate for the computer account, here named SERVER.

We can now see that the certificate is valid from 2011-09-10 to 2041-09-02.


Open the Certification Path tab, select the SERVER-CA and click on View Certificate.

We can now see that the computer account certificate was issued from the old CA certificate, but that is to be expected because the new CA certificate didn’t exist then.

Open the Windows Home Server 2011 Dashboard and open the Computers and Backup tab.


Client01 is still showing up with the status Online.

 

Client02

I installed the connector software on Client02 from http://server/connect, using the default settings.

The installation will fail with the following error:

Cannot connect this computer to the network

This computer is unable to establish a trust relationship with the server. Verify that the computer’s date and time are accurate and try again.

 

Server

Open the Windows Home Server 2011 Dashboard and open the Computers and Backup tab.

Client02 is actually created in the Dashboard, but the connector software fails to install on the client.

To fix this we need to generate a new certificate for the server that is based on the new CA certificate.

  1. Browse to C:\Program Files\Windows Server\Bin\
  2. Right-click wsspowershell.exe and choose Run As Administrator
  3. In the PowerShell window, type Add-WssLocalMachinecert (to generate a new local machine certificate)

Check that the "Windows Server Service Provider Registry" service and all its dependency services are started.

Go back to the MMC with Certificates (Local Computer) and check under Personal Certificates.

Select the SERVER certificate with the latest expiration date, which should be the certificate we just created.

We can now see that the certificate is valid from 2012-12-17 to 2042-12-17, so it’s newer than before.


Open the Certification Path tab, select the SERVER-CA and click on View Certificate.

We can now see that the computer account certificate is issued from the new CA certificate.
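The Certification Path check done in the MMC above can also be scripted. The following PowerShell is an added example, not part of the original post; the function name Get-CertIssuerReport is hypothetical, and it assumes the CA certificates in the Personal store are self-signed (Subject equals Issuer), as in the setup described here.

```powershell
# Added example: for every non-CA certificate in the local computer's Personal
# store, report which CA certificate actually issued it and whether that is
# the newest CA certificate with the same name.
function Get-CertIssuerReport {
    param([string]$StorePath = 'Cert:\LocalMachine\My')

    $all = @(Get-ChildItem -Path $StorePath)

    # Assumption: CA certificates in this store are self-signed.
    $caCerts = @($all | Where-Object { $_.Subject -eq $_.Issuer })

    foreach ($cert in ($all | Where-Object { $_.Subject -ne $_.Issuer })) {
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        # Only the certification path matters here, so skip revocation lookups.
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        [void]$chain.Build($cert)

        # Element 0 is the certificate itself, element 1 is its issuer.
        $issuer = $null
        if ($chain.ChainElements.Count -gt 1) {
            $issuer = $chain.ChainElements[1].Certificate
        }

        # Newest CA certificate carrying the name this certificate was issued under.
        $newestCa = $caCerts | Where-Object { $_.Subject -eq $cert.Issuer } |
            Sort-Object NotBefore -Descending | Select-Object -First 1

        $current = ($issuer -ne $null) -and ($newestCa -ne $null) -and
                   ($issuer.Thumbprint -eq $newestCa.Thumbprint)

        New-Object PSObject -Property @{
            Subject          = $cert.Subject
            NotBefore        = $cert.NotBefore
            NotAfter         = $cert.NotAfter
            Thumbprint       = $cert.Thumbprint
            IssuerThumbprint = $(if ($issuer) { $issuer.Thumbprint } else { $null })
            IssuerNotBefore  = $(if ($issuer) { $issuer.NotBefore } else { $null })
            IssuedByNewestCA = $current
        }
    }
}

# Run on the server; a row with IssuedByNewestCA = False is a certificate
# that still chains to an older CA certificate.
Get-CertIssuerReport |
    Select-Object Subject, NotBefore, NotAfter, IssuerNotBefore, IssuedByNewestCA |
    Format-List
```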

 

Client02

Reboot the client and try to install the connector software again. You will get a warning that the computer Client02 already exists, but that is OK, so just continue with the installation.

The installation was now successful.

 

SERVER

Open the Windows Home Server 2011 Dashboard and open the Computers and Backup tab.

Client02 now has the status Online, but Client01 now has the status Offline.

 

Client01

To fix this, just uninstall the Windows Home Server 2011 Connector, reboot, and then install it again from http://server/connect.

 

Summary

The problem started for me when I, for some reason that I can’t remember, had to run the task Renew CA Certificate. I am in no way saying that this will solve your issues, but it’s a place to start looking. This solved the client Windows Home Server 2011 Connector installation issue and a problem that I had with opening the Windows Home Server 2011 Dashboard.

Mikael Karlsson posted at 2012-12-18 Category: WHS2011, Windows Home Server 2011