[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now


SBS2011 remote connection issue

Posted on 2012-03-21
Medium Priority
Last Modified: 2012-06-27
Hello, we have a new single sbs2011 server, which we added an ssl certifficate to, which enabled us to log on remotely for OWA. This was working fine.

We have installed several updates to the server since the original comissioning,

However, just recently we are getting certificate errors when trying to log in to https://remote.domainname.co.uk. We can proceed, although advised not to, and we eventually get the logon screen. When we logon the OWA screen appears, and we can access e-mail OK.

However, when we try to connect to say the server, we get the following error.

This computer can't verify the identity of the RD gateway "remote.domainname.co.uk". It's not safe to connect to servers that can't be identified.

I realise that something has happened with the SSL certificate on our server, but as this was working, did not want to start "poking" around without consulting somone else first.

If anyone could give me some assistance in how to troubleshoot this, I would be very much obliged.

Many thanks.
Question by:nigelbeatson
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2

Expert Comment

ID: 37749584
Run through the Internet Address Management Wizard again for adding the certificate and setting up your names in the SBS console.

Accepted Solution

crash2000 earned 750 total points
ID: 37751328
These users may need to install the certificate locally.

You can configure remote computers to trust the Windows Small Business Server 2011 Standard server by installing the server's security certificate. This will enable your browser to connect to the Remote Web Access site without security warnings.
To install the server's security certificate on your remote computer, do the following:
1.From a computer that is in the Windows SBS network, open a Web browser and type the following address into the address bar:  \\SERVERNAME\public\downloads.
2.Copy the file Install Certificate Package.zip to portable storage media, such as a floppy disk or a USB drive.
3.Insert the floppy disk or USB drive into the computer that is not joined to the Windows SBS domain and from which you want to access Remote Web Access.
4.In Windows Explorer, navigate to the location where you copied Install Certificate Package.zip.
5.Right-click Install Certificate Package.zip, and then click Extract All.
6.In the Extract Compressed (Zipped) Folders dialog box, type a folder location to which you want to extract the files, and then click Extract.
7.Open the folder where the extracted files are located, and then double-click InstallCertificate.
8.Select Install the certificate on my computer, and then click Install.
9.Browse to the Remote Web Access site.
Note:     You should only download the certificate installer package from a computer that is directly connected to your organization's network. Do not download this package over the Internet.

This should prevent the message earlier.


Author Comment

ID: 37752086
Thanks Mark,

I would prefer to have the SSL to work from workstations without the SSL installed locally, as I have to administer the server from remote locations, not always from the same device, so its important that we get this working correctly.

Thanks for your input though.
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.


Author Comment

ID: 37752095
Th other thing is of course that we have remote users using OWA, and I dont want them seeing the certifficate error. They too will be accessing it from various devices, so again we need the SSL installed correctly. It used to work fine, but now.......

Expert Comment

ID: 37752125
In my experience, you cannot do that without installing the certificate on the local machine. I maybe wrong, and stand corrected if that is the case.
As I understand it, the certificate installed on the local machine, confirms to the server, that this machine is allowed to connect. Other wise it gives the shown error.
It maybe that a recent update has enforced this behaviour.

EE - Can anyone else confirm this?


Author Comment

ID: 37752164
We have had it working without installing the certificate on each local device previously, so I probably agree with you that some kind of update has "broken" this.

Would like it to work as before if at all possible.

Many thanks.

Assisted Solution

Geodash earned 750 total points
ID: 37752797
Another option is to drop and re-add a test machine form the domain and see if it fixes it. I believe a PC gets a certificate automatically from the SBS Server when it is a member of the domain.

Author Closing Comment

ID: 37772380
Whilst this did not resolve my particular issue, I appreciate the time taken to respond

Expert Comment

ID: 37772624
Glad to help.


Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question