Solved

Error getting remote desktop connection to pcs/server after login on RWW homepage in SBS 2008.

Posted on 2011-03-01
12
348 Views
Last Modified: 2013-11-21
My 1st post here so thanks in advance for your help.
I have RWW set up on SBS 2008 and it works fine on the internal network.
Our office is part of a building where the internet is provided free and it comes in on the ISP's router (external ip address is 83.xxx.xxx.xxx) then is split into subnets and into each office. In our office it's then connected to a Dlink dir-655 router and all the pc's and the server are attatched to this.
I've got the guy running the building to forward ports 443 & 987 to the external ip of our router where they are forwarded to the server.
Our website is hosted externally and i got them to forward the address https://remote.ourdomain.com to https://83.xxx.xxx.xxx/remote
When i browse to https://remote.ourdomain.com i get forwarded to https://83.xxx.xxx.xxx/remote where i get "There is a problem with this website's security certificate." I then click on "Continue to this website (not reccommended)" where i get to the RWW homepage.
I login here and get the "Connect to a computer/Connect to a server" screen but the problem then is when i try to get a remote connection to a pc or the server i get the error "To connect to Remote Web Workplace, you must install the proper certificate." and i can't connect.
I've installed the certificate for remote.ourdomain.com  on the Windows 7 laptop i'm using to connect but i'm assuming the problem is it doesn't match the address https://83.xxx.xxx.xxx/remote that i'm trying to connect to.
How do i go about sorting this out, preferably without purchasing an SSL certificate if possible?
0
Comment
Question by:Dahoe
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
12 Comments
 
LVL 4

Accepted Solution

by:
RobertParten earned 500 total points
ID: 35007884
Let me be brutally honest with you on this scenario, get a SSL certificate! Godaddy has them for $60 and they are worth every penny because it eliminates this frustration. However, because you have a redirect I am not sure how that is going to work out for you.

Why not setup a an A record for https://remote.ourdomain.com/ instead of doing some odd redirect so that way you can create a CSR and then submit it for a trusted 3prd party certificate?
0
 
LVL 4

Expert Comment

by:RobertParten
ID: 35007934
http://www.clickssl.com/geotrust/quick-ssl-premium.aspx

That is not a bad price for a UCC Certificate, I highly recommend this route to avoid headaches, especially since you are in a production  environment.
0
 

Author Comment

by:Dahoe
ID: 35008023
Cheers for the quick response.
Ok so i guess buying a SSL Cert is the way to go.
How exactly do i go about setting up a an A record for https://remote.ourdomain.com/ ?
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 4

Expert Comment

by:RobertParten
ID: 35008172
Easy peasy, whoever hosts your domain's DNS records is where you would set that up. For instance, my domain: humanlinux.com - if you were to run a WHOIS on that domain you get the following two DNS servers:

 Name Server: CPANEL61.FASTDNSSERVERS.COM
 Name Server: CPANEL62.FASTDNSSERVERS.COM

These are with a hosting account I control so if I wanted to create an A record for: remote.humanlinux.com I would log into my control panel for DNS and create a A record that would resemble this in a BIND DNS server:

remote      IN     A     ip.add.res.ss

Thus, whenever I ping: remote.humanlinux.com - I will get the IP address I entered into DNS as a response (as long as the server responds). Sometimes you may have customer support that can create an A record for you as well. You will just need the IP address that you are using.

0
 

Author Comment

by:Dahoe
ID: 35008403
I'll get onto my website host and see if we can get this sorted and post back. Can i go ahead and generate a CSR now so?
Also can i buy any SSL Cert e.g. these ones from Comodo? http://www.positivessl.com/
0
 
LVL 6

Expert Comment

by:kennyhenao
ID: 35009144
If you don't want to buy a cert, then just follow this.

http://blogs.technet.com/b/sbs/archive/2008/09/30/how-do-i-distribute-the-sbs-2008-self-signed-ssl-certificate-to-my-users.aspx

This will get you to where you can download the correct self-signed cert and use RWW.

I have used these same steps for RWW and Outlook anywhere (RPC over HTTP)
0
 

Author Comment

by:Dahoe
ID: 35009644
I've tried those steps before already and still get the same problem.
0
 
LVL 4

Expert Comment

by:RobertParten
ID: 35009784
Dahoe I am telling you brother, well worth the money to never have to deal with that headache again in a production environment
0
 

Author Comment

by:Dahoe
ID: 35009949
Yeah i reckon you're right, was onto my webhost briefly and he told me we don't have an SSL Certificate on our website so we'd have to purchase one or he can't setup https://remote.ourdomain.com only http://.
Would this be the same certificate i'm purchasing for the server?
Also can i buy any SSL Cert e.g. these ones from Comodo? http://www.positivessl.com/
0
 
LVL 4

Expert Comment

by:RobertParten
ID: 35010079
NO no no, you would generate an CSR for a request on the server at your office. IN SBS 2008 there is a wizard that will guide you through setting up a Certificate request to submit to a certificate authority (godaddy, Comodo, Digicert). You then submit the request there and once approved you cna download the certificate.

http://technet.microsoft.com/en-us/library/cc546059%28WS.10%29.aspx

That includes the instructions for generating a request for a certificate.

All you need to tell your webhost (who hosts your DNS) is to create an "A" record for:

remote.whateveryourdomainis.com to YOUR IP address

That is IT, just have them create an A record.

After that, use whoever you want to for a certificate authority and submit the request and wait for approval.
0
 

Author Comment

by:Dahoe
ID: 35010361
Ok , sorry about that i'm fairly new to all this.
I've generated the CSR in SBS 2008 so i'll go and get the certificate.
My webhost says he's created the subdomain http://remote.ourdomain.com and forwarded it to https://83.xxx.xxx.xxx/remote which is the external ip address of our building and is port forwarded to our router and then onto server.
Is this ok?
0
 

Author Comment

by:Dahoe
ID: 35171686
Hi there, after a lot of hassle with verification, addresses/phone numbers etc, i've finally received my SSL Cert and added it to the server. I also imported it into Internet Explorer but i'm still getting the same error message. Any idea what could be going wrong? Is https://83.xxx.xxx.xxx/remote the correct address that my webhost has set up the A record for? or should it just be our external ip address 83.xxx.xxx.xxx?
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
In this article, I'll explain how to setup a Plex Media Server (https://plex.tv/) on a Redhat (Centos) 7 based NAS with screenshots to help those looking for assistance.  What is Plex? If you aren't familiar with Plex, it’s a DLNA media serv…
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question