Today I removed WSUS from a 2016 Essentials server. The RWW web site and the Remote Desktop Gateway stopped working. Hours later, I finally found this article with the explanation and solution.
WSUS adds a custom compression module to IIS but does not remove it when you remove the WSUS role. The %WINDIR%\system32\inetsrv\config\applicationhost.config includes a reference to C:\Program Files\Update Services\WebServices\suscomp.dll. Following this article on uninstalling WSUS, I had deleted that folder, so the DLL was missing, leading to the 500.19 error.
The fix is to run this command (on one line) to remove the special WSUS “”xpress” section.
%windir%\system32\inetsrv\appcmd.exe set config -section:system.webServer/httpCompression /-[name='xpress']
iisreset to restart IIS.
When RWW or Remote Desktop Gateway is not working, the normal fix is to run the Repair wizard form Essentials’ Anywhere Access configuration. That continued to fail in the Verifying phase with these messages:
I initially thought that those errors were due to the TLS hardening I recently completed, as discussed here. But backing out those changes (back to server defaults) did not resolve the issue.
I got the detailed 500.19 error by launching https://localhost from the Default Web Site within IIS. The specific error on that page was 0x8007007e, which this page accurately describes: “This problem occurs because the ApplicationHost.config or Web.config file references a module or a DLL that is invalid or doesn’t exist.” It recommends using Failed Request Tracing to determine which module is the issue. This document has lots of info on Failed Request Tracing, but it was pretty easy to set up within IIS to trap 500 errors:
Re-create the error, then right-click on one of the error files in C:\inetpub\logs\FailedReqLogFiles\W3SVC1 and choose to Open with Internet Explorer:
Here you’ll see that it’s the StaticCompressionModule and DynamicCompressionModule are not found. The confusing thing is that the referenced .dll files do exist, and seem to be configured correctly in IIS.
Finally I thought to Google “wsus uninstall DynamicCompressionModule”. The first link is Trevor Jones’ brilliant article, with the fix that I repeated above. Here’s a screen shot of the ApplicationHost.config with the offending WSUS reference (purple background):
Once I applied that fix, RWW and the Remote Desktop Gateway started working again immediately. I re-applied the TLS hardening, rebooted, and the Anywhere Access Repair wizard completed without issue.