SBS2011 remote connection issue

Hello, we have a new single sbs2011 server, which we added an ssl certifficate to, which enabled us to log on remotely for OWA. This was working fine.

We have installed several updates to the server since the original comissioning,

However, just recently we are getting certificate errors when trying to log in to We can proceed, although advised not to, and we eventually get the logon screen. When we logon the OWA screen appears, and we can access e-mail OK.

However, when we try to connect to say the server, we get the following error.

This computer can't verify the identity of the RD gateway "". It's not safe to connect to servers that can't be identified.

I realise that something has happened with the SSL certificate on our server, but as this was working, did not want to start "poking" around without consulting somone else first.

If anyone could give me some assistance in how to troubleshoot this, I would be very much obliged.

Many thanks.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Run through the Internet Address Management Wizard again for adding the certificate and setting up your names in the SBS console.
These users may need to install the certificate locally.

You can configure remote computers to trust the Windows Small Business Server 2011 Standard server by installing the server's security certificate. This will enable your browser to connect to the Remote Web Access site without security warnings.
To install the server's security certificate on your remote computer, do the following:
1.From a computer that is in the Windows SBS network, open a Web browser and type the following address into the address bar:  \\SERVERNAME\public\downloads.
2.Copy the file Install Certificate to portable storage media, such as a floppy disk or a USB drive.
3.Insert the floppy disk or USB drive into the computer that is not joined to the Windows SBS domain and from which you want to access Remote Web Access.
4.In Windows Explorer, navigate to the location where you copied Install Certificate
5.Right-click Install Certificate, and then click Extract All.
6.In the Extract Compressed (Zipped) Folders dialog box, type a folder location to which you want to extract the files, and then click Extract.
7.Open the folder where the extracted files are located, and then double-click InstallCertificate.
8.Select Install the certificate on my computer, and then click Install.
9.Browse to the Remote Web Access site.
Note:     You should only download the certificate installer package from a computer that is directly connected to your organization's network. Do not download this package over the Internet.

This should prevent the message earlier.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
nigelbeatsonAuthor Commented:
Thanks Mark,

I would prefer to have the SSL to work from workstations without the SSL installed locally, as I have to administer the server from remote locations, not always from the same device, so its important that we get this working correctly.

Thanks for your input though.
The 7 Worst Nightmares of a Sysadmin

Fear not! To defend your business’ IT systems we’re going to shine a light on the seven most sinister terrors that haunt sysadmins. That way you can be sure there’s nothing in your stack waiting to go bump in the night.

nigelbeatsonAuthor Commented:
Th other thing is of course that we have remote users using OWA, and I dont want them seeing the certifficate error. They too will be accessing it from various devices, so again we need the SSL installed correctly. It used to work fine, but now.......
In my experience, you cannot do that without installing the certificate on the local machine. I maybe wrong, and stand corrected if that is the case.
As I understand it, the certificate installed on the local machine, confirms to the server, that this machine is allowed to connect. Other wise it gives the shown error.
It maybe that a recent update has enforced this behaviour.

EE - Can anyone else confirm this?

nigelbeatsonAuthor Commented:
We have had it working without installing the certificate on each local device previously, so I probably agree with you that some kind of update has "broken" this.

Would like it to work as before if at all possible.

Many thanks.
Another option is to drop and re-add a test machine form the domain and see if it fixes it. I believe a PC gets a certificate automatically from the SBS Server when it is a member of the domain.
nigelbeatsonAuthor Commented:
Whilst this did not resolve my particular issue, I appreciate the time taken to respond
Glad to help.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.