Certificate errors after migrating from SBS2003 to SBS2008

Posted on 2011-04-28
Last Modified: 2012-08-13
We are not using third party certificates.  Here is the result of the Remote Connectivity Analyzer.  Sorry for my ignorance, but I am reading the posts and links to "Tell me how to resolve this" and I could blindly follow these suggestions, but I don't know what it is doing (i.e. what it is changing) and I don't want to arbitrarily make changes without understanding them.

Any info would be appreciated.
Question by:SudsyBrew
    LVL 7

    Assisted Solution

    SBS2008 requires the client trust the server certificate.  If you are using a self-signed certificate, you need to physically add the certificate to the client machine's CA root and/or Trusted authority.   If the certificate comes back as bad, the client cannot communicate through the terminal services gateway and you will be rejected because the certificate is not the name it is issued to, expired or not trusted by a Root Authority.

    The easiest path is to purchase a cert from a common vendor, thawte, verisign, godaddy, etc.

    If that is not desired, please check out your companyweb and the first article (default) will be "Install server certificate on your local machine"  or some such... Follow the instructions and you should be over the certificate error.

    If I rambled down a path that is not what you are referring to, please clarify your problem and I will attempt to help.
    LVL 9

    Accepted Solution

    Don't even bother messing with self signed certificates.  For the minimal cost of a third party certificate, you will have a much easier time with SBS 2008.

    My recommendation:

    get a multiple domain (UCC aka SAN) certificate from godaddy:

    get it for:\

    then use this utility to add it to SBS 2008:

    I don't know if this is your first SBS 2008 box or not, but trust me, this is not something you want to skimp on.  This allows yoru wireless devices to work better, webmail to work better, out of office to work for Outlook clients outside your LAN - and more.  

    If you need more details on how to do these parts, I can provide the details.
    LVL 7

    Expert Comment

    Don't even bother messing with self signed certificates.  For the minimal cost of a third party certificate, you will have a much easier time with SBS 2008.

    Agree heartily.

    Featured Post

    Find Ransomware Secrets With All-Source Analysis

    Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

    Join & Write a Comment

    We recently had an issue where out of nowhere, end users started indicating that their logins to our terminal server were just showing a "blank screen." After checking the usual suspects -- profiles, shell=explorer.exe in the registry, userinit.exe,…
    Because virtualization becomes more and more common, and, with Microsoft Hyper-V included in Windows Server at no additional costs, and, most server hardware nowadays is more than capable of running a physical Small Business Server (SBS) 2008 or 201…
    This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
    This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

    733 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    23 Experts available now in Live!

    Get 1:1 Help Now