Solved

SBS 2008 Remotewebworkplace w.o. certificate

Posted on 2010-08-20
7
684 Views
Last Modified: 2012-05-10
Hi Experts,

on SBS 2003 it wasnt necessary to import the servers sefsigned certificate into a client computer to use remote webworkplace an connect to a desktop pc. i just clicked away the warning and it worked.

since SBS2008 this isnt possible anymore. i can use owa but cant connect to a desktop pc. i have to install the certificate from \\sbs2008\public\downloads. after that it works.

but what, if the user wants to connect from a machine in an internetcafe and cant install the cert.

thanks in advance
0
Comment
Question by:deibel
7 Comments
 
LVL 74

Accepted Solution

by:
Glen Knight earned 84 total points
ID: 33483782
Quite possibly the name on the certificate doesn't match the name you are requesting from the server which is why Internet Explorer is rejecting it, it has nothing to do with SBS2008 this isn't preventing the access it's the client machine.

You need to make sure the certificate matches the URL you are using to access the server, or simply purchase an SSL Certficiate, for around $90 per year for a SAN/UCC certificate that is required for SBS2008/Exchange2007
0
 
LVL 3

Assisted Solution

by:J0shJ0sh
J0shJ0sh earned 167 total points
ID: 33484553
Just for some clarification -

When you purchase a cert as described by demazter you no longer have to install it everywhere.  You only have to install because its self signed and as demazter describes you are not matching names correctly....

Shorty story, buy a cert!
0
 
LVL 2

Assisted Solution

by:jdewaard
jdewaard earned 83 total points
ID: 33487183
Just to clarify more.  Even if the URL matchs what's on the certificate, your SBS server is still not a Trusted Certificate Authority for random public computers.  As such, you will still get an error and have to install the certificate manually.
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 

Assisted Solution

by:FL4TJM
FL4TJM earned 83 total points
ID: 33487742
In 2008 pretty sure no can do...from my experience in installing several 2008 SBS servers over last coule months you MUST issue the cert for install to the client PC to access Remote Web. Actually very nice from a security standpoint but does rule out access from public PC's. The Server even creates a zip folder with the cert and installer to facilitate install by not so tech savvy users. Server generated Cert works fine but the cert name and url MUST match if they were not setup that way in DNS you can always add a local HOSTS file entry on the remote client PC
0
 
LVL 3

Assisted Solution

by:J0shJ0sh
J0shJ0sh earned 167 total points
ID: 33487881
http://sbs.seandaniel.com/2009/02/installing-godaddy-standard-ssl.html
 If you follow this article and get it done right it elimates the needs to install the cert on remote machines.
  However you still have to install the active X in IE so public PC option is still not always a given.

http://blogs.technet.com/b/sbs/archive/2008/09/30/how-do-i-distribute-the-sbs-2008-self-signed-ssl-certificate-to-my-users.aspx
This post describes what you are doing today.  This is not required with a purchased SSL Cert.
0
 
LVL 2

Assisted Solution

by:sbs-mix
sbs-mix earned 83 total points
ID: 33492285
you have to spend some $$$ for a certificate, that's your only way out if you want the user to connect from anywhere.
idea is that the cert has to be issued by a recognized certification authority. some browsers automatically recognize those paid for certificates, so you should take a look at this when picking urs. I bought alphaSSL certs for around 25 $ a year, the cheapest i found on the net, and it's pretty well recognized by half a dozen browsers.
you should watch out to buy a cert with the EXACT name registered in the dns servers. www.contoso.com is NOT identical to contoso.com ! wildcard certs work for *.contoso.com, but they're much more expensive.
0
 
LVL 5

Author Closing Comment

by:deibel
ID: 33834163
.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found here: http://www.experts-exchang…
You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now