SBS2011 remote connection issue

Posted on 2012-03-21
Last Modified: 2012-06-27
Hello, we have a new single sbs2011 server, which we added an ssl certifficate to, which enabled us to log on remotely for OWA. This was working fine.

We have installed several updates to the server since the original comissioning,

However, just recently we are getting certificate errors when trying to log in to We can proceed, although advised not to, and we eventually get the logon screen. When we logon the OWA screen appears, and we can access e-mail OK.

However, when we try to connect to say the server, we get the following error.

This computer can't verify the identity of the RD gateway "". It's not safe to connect to servers that can't be identified.

I realise that something has happened with the SSL certificate on our server, but as this was working, did not want to start "poking" around without consulting somone else first.

If anyone could give me some assistance in how to troubleshoot this, I would be very much obliged.

Many thanks.
Question by:nigelbeatson
  • 4
  • 3
  • 2

Expert Comment

ID: 37749584
Run through the Internet Address Management Wizard again for adding the certificate and setting up your names in the SBS console.

Accepted Solution

crash2000 earned 250 total points
ID: 37751328
These users may need to install the certificate locally.

You can configure remote computers to trust the Windows Small Business Server 2011 Standard server by installing the server's security certificate. This will enable your browser to connect to the Remote Web Access site without security warnings.
To install the server's security certificate on your remote computer, do the following:
1.From a computer that is in the Windows SBS network, open a Web browser and type the following address into the address bar:  \\SERVERNAME\public\downloads.
2.Copy the file Install Certificate to portable storage media, such as a floppy disk or a USB drive.
3.Insert the floppy disk or USB drive into the computer that is not joined to the Windows SBS domain and from which you want to access Remote Web Access.
4.In Windows Explorer, navigate to the location where you copied Install Certificate
5.Right-click Install Certificate, and then click Extract All.
6.In the Extract Compressed (Zipped) Folders dialog box, type a folder location to which you want to extract the files, and then click Extract.
7.Open the folder where the extracted files are located, and then double-click InstallCertificate.
8.Select Install the certificate on my computer, and then click Install.
9.Browse to the Remote Web Access site.
Note:     You should only download the certificate installer package from a computer that is directly connected to your organization's network. Do not download this package over the Internet.

This should prevent the message earlier.


Author Comment

ID: 37752086
Thanks Mark,

I would prefer to have the SSL to work from workstations without the SSL installed locally, as I have to administer the server from remote locations, not always from the same device, so its important that we get this working correctly.

Thanks for your input though.

Author Comment

ID: 37752095
Th other thing is of course that we have remote users using OWA, and I dont want them seeing the certifficate error. They too will be accessing it from various devices, so again we need the SSL installed correctly. It used to work fine, but now.......
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.


Expert Comment

ID: 37752125
In my experience, you cannot do that without installing the certificate on the local machine. I maybe wrong, and stand corrected if that is the case.
As I understand it, the certificate installed on the local machine, confirms to the server, that this machine is allowed to connect. Other wise it gives the shown error.
It maybe that a recent update has enforced this behaviour.

EE - Can anyone else confirm this?


Author Comment

ID: 37752164
We have had it working without installing the certificate on each local device previously, so I probably agree with you that some kind of update has "broken" this.

Would like it to work as before if at all possible.

Many thanks.

Assisted Solution

Geodash earned 250 total points
ID: 37752797
Another option is to drop and re-add a test machine form the domain and see if it fixes it. I believe a PC gets a certificate automatically from the SBS Server when it is a member of the domain.

Author Closing Comment

ID: 37772380
Whilst this did not resolve my particular issue, I appreciate the time taken to respond

Expert Comment

ID: 37772624
Glad to help.


Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now