I’ve been struggling for weeks attempting to get clients integrated with a new Windows Server 2012 R2 Essentials box.

These servers set themselves up as a trusted Root Certification Authority, and then their client installation routine downloads a self-certified certificate, generates a secure session, and completes the client load.

Only my clients have not been able to complete the client load for reasons that were extremely difficult to diagnose.

Pulling logs found that the certificates were mismatched and failing during session init – deeper exam found these new certificates were signed — not by my server, which is 10 feet from my laptop – but by the Avast scanner.

No match of certification authority – install fails.

I understand why this feature may have been added – but the Server Essentials line are very common Homeservers for Geeks, and this feature breaks the installs. I’m only glad I figured it out before attempting to burn down and redo a server that is otherwise performing admirably.

Is there anyway to modify or disable this function – or add trusted root CA’s? The certs will continue to be used after install and I’d hate for secure communications to break after install because Avast continues to insert itself into the Certificate as the signer.

Informed Opinion: This is not a good way – at least in the Windows Environment – to do this.

Is this related to avast server protection product or avast endpoint protection ?.. if so you are posting in wrong forum section

No – this is endpoint protection.

The Installation routine is for a client that integrates Windows endpoints with the server using a secure session.

No -- this is endpoint protection.

Endpoint forum section is here https://forum.avast.com/index.php?board=33.0