Certificate errors after migrating from SBS2003 to SBS2008

Posted on 2011-04-28
Medium Priority
Last Modified: 2012-08-13
We are not using third party certificates.  Here is the result of the Remote Connectivity Analyzer.  Sorry for my ignorance, but I am reading the posts and links to "Tell me how to resolve this" and I could blindly follow these suggestions, but I don't know what it is doing (i.e. what it is changing) and I don't want to arbitrarily make changes without understanding them.

Any info would be appreciated.
Question by:SudsyBrew
  • 2

Assisted Solution

jrwarren earned 400 total points
ID: 35486664
SBS2008 requires the client trust the server certificate.  If you are using a self-signed certificate, you need to physically add the certificate to the client machine's CA root and/or Trusted authority.   If the certificate comes back as bad, the client cannot communicate through the terminal services gateway and you will be rejected because the certificate is not the name it is issued to, expired or not trusted by a Root Authority.

The easiest path is to purchase a cert from a common vendor, thawte, verisign, godaddy, etc.

If that is not desired, please check out your companyweb and the first article (default) will be "Install server certificate on your local machine"  or some such... Follow the instructions and you should be over the certificate error.

If I rambled down a path that is not what you are referring to, please clarify your problem and I will attempt to help.

Accepted Solution

dmessman earned 600 total points
ID: 35488753
Don't even bother messing with self signed certificates.  For the minimal cost of a third party certificate, you will have a much easier time with SBS 2008.

My recommendation:

get a multiple domain (UCC aka SAN) certificate from godaddy:

get it for:

then use this utility to add it to SBS 2008:

I don't know if this is your first SBS 2008 box or not, but trust me, this is not something you want to skimp on.  This allows yoru wireless devices to work better, webmail to work better, out of office to work for Outlook clients outside your LAN - and more.  

If you need more details on how to do these parts, I can provide the details.

Expert Comment

ID: 35488761
Don't even bother messing with self signed certificates.  For the minimal cost of a third party certificate, you will have a much easier time with SBS 2008.

Agree heartily.

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question