Solved

SBS 2008 Remotewebworkplace w.o. certificate

Posted on 2010-08-20
7
697 Views
Last Modified: 2012-05-10
Hi Experts,

on SBS 2003 it wasnt necessary to import the servers sefsigned certificate into a client computer to use remote webworkplace an connect to a desktop pc. i just clicked away the warning and it worked.

since SBS2008 this isnt possible anymore. i can use owa but cant connect to a desktop pc. i have to install the certificate from \\sbs2008\public\downloads. after that it works.

but what, if the user wants to connect from a machine in an internetcafe and cant install the cert.

thanks in advance
0
Comment
Question by:deibel
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 74

Accepted Solution

by:
Glen Knight earned 84 total points
ID: 33483782
Quite possibly the name on the certificate doesn't match the name you are requesting from the server which is why Internet Explorer is rejecting it, it has nothing to do with SBS2008 this isn't preventing the access it's the client machine.

You need to make sure the certificate matches the URL you are using to access the server, or simply purchase an SSL Certficiate, for around $90 per year for a SAN/UCC certificate that is required for SBS2008/Exchange2007
0
 
LVL 3

Assisted Solution

by:J0shJ0sh
J0shJ0sh earned 167 total points
ID: 33484553
Just for some clarification -

When you purchase a cert as described by demazter you no longer have to install it everywhere.  You only have to install because its self signed and as demazter describes you are not matching names correctly....

Shorty story, buy a cert!
0
 
LVL 2

Assisted Solution

by:jdewaard
jdewaard earned 83 total points
ID: 33487183
Just to clarify more.  Even if the URL matchs what's on the certificate, your SBS server is still not a Trusted Certificate Authority for random public computers.  As such, you will still get an error and have to install the certificate manually.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Assisted Solution

by:FL4TJM
FL4TJM earned 83 total points
ID: 33487742
In 2008 pretty sure no can do...from my experience in installing several 2008 SBS servers over last coule months you MUST issue the cert for install to the client PC to access Remote Web. Actually very nice from a security standpoint but does rule out access from public PC's. The Server even creates a zip folder with the cert and installer to facilitate install by not so tech savvy users. Server generated Cert works fine but the cert name and url MUST match if they were not setup that way in DNS you can always add a local HOSTS file entry on the remote client PC
0
 
LVL 3

Assisted Solution

by:J0shJ0sh
J0shJ0sh earned 167 total points
ID: 33487881
http://sbs.seandaniel.com/2009/02/installing-godaddy-standard-ssl.html
 If you follow this article and get it done right it elimates the needs to install the cert on remote machines.
  However you still have to install the active X in IE so public PC option is still not always a given.

http://blogs.technet.com/b/sbs/archive/2008/09/30/how-do-i-distribute-the-sbs-2008-self-signed-ssl-certificate-to-my-users.aspx
This post describes what you are doing today.  This is not required with a purchased SSL Cert.
0
 
LVL 2

Assisted Solution

by:sbs-mix
sbs-mix earned 83 total points
ID: 33492285
you have to spend some $$$ for a certificate, that's your only way out if you want the user to connect from anywhere.
idea is that the cert has to be issued by a recognized certification authority. some browsers automatically recognize those paid for certificates, so you should take a look at this when picking urs. I bought alphaSSL certs for around 25 $ a year, the cheapest i found on the net, and it's pretty well recognized by half a dozen browsers.
you should watch out to buy a cert with the EXACT name registered in the dns servers. www.contoso.com is NOT identical to contoso.com ! wildcard certs work for *.contoso.com, but they're much more expensive.
0
 
LVL 5

Author Closing Comment

by:deibel
ID: 33834163
.
0

Featured Post

How our DevOps Teams Maximize Uptime

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us. Read the use case whitepaper.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

My previous article  (http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/A_4466-A-beginners-guide-to-installing-SCCM2007-on-Windows-2008-R2-Server.html)detailed one possible method to get SCCM 2007 installed an…
Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question