SBS2011 remote connection issue

Posted on 2012-03-21
Last Modified: 2012-06-27
Hello, we have a new single sbs2011 server, which we added an ssl certifficate to, which enabled us to log on remotely for OWA. This was working fine.

We have installed several updates to the server since the original comissioning,

However, just recently we are getting certificate errors when trying to log in to We can proceed, although advised not to, and we eventually get the logon screen. When we logon the OWA screen appears, and we can access e-mail OK.

However, when we try to connect to say the server, we get the following error.

This computer can't verify the identity of the RD gateway "". It's not safe to connect to servers that can't be identified.

I realise that something has happened with the SSL certificate on our server, but as this was working, did not want to start "poking" around without consulting somone else first.

If anyone could give me some assistance in how to troubleshoot this, I would be very much obliged.

Many thanks.
Question by:nigelbeatson
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2

Expert Comment

ID: 37749584
Run through the Internet Address Management Wizard again for adding the certificate and setting up your names in the SBS console.

Accepted Solution

crash2000 earned 250 total points
ID: 37751328
These users may need to install the certificate locally.

You can configure remote computers to trust the Windows Small Business Server 2011 Standard server by installing the server's security certificate. This will enable your browser to connect to the Remote Web Access site without security warnings.
To install the server's security certificate on your remote computer, do the following:
1.From a computer that is in the Windows SBS network, open a Web browser and type the following address into the address bar:  \\SERVERNAME\public\downloads.
2.Copy the file Install Certificate to portable storage media, such as a floppy disk or a USB drive.
3.Insert the floppy disk or USB drive into the computer that is not joined to the Windows SBS domain and from which you want to access Remote Web Access.
4.In Windows Explorer, navigate to the location where you copied Install Certificate
5.Right-click Install Certificate, and then click Extract All.
6.In the Extract Compressed (Zipped) Folders dialog box, type a folder location to which you want to extract the files, and then click Extract.
7.Open the folder where the extracted files are located, and then double-click InstallCertificate.
8.Select Install the certificate on my computer, and then click Install.
9.Browse to the Remote Web Access site.
Note:     You should only download the certificate installer package from a computer that is directly connected to your organization's network. Do not download this package over the Internet.

This should prevent the message earlier.


Author Comment

ID: 37752086
Thanks Mark,

I would prefer to have the SSL to work from workstations without the SSL installed locally, as I have to administer the server from remote locations, not always from the same device, so its important that we get this working correctly.

Thanks for your input though.
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.


Author Comment

ID: 37752095
Th other thing is of course that we have remote users using OWA, and I dont want them seeing the certifficate error. They too will be accessing it from various devices, so again we need the SSL installed correctly. It used to work fine, but now.......

Expert Comment

ID: 37752125
In my experience, you cannot do that without installing the certificate on the local machine. I maybe wrong, and stand corrected if that is the case.
As I understand it, the certificate installed on the local machine, confirms to the server, that this machine is allowed to connect. Other wise it gives the shown error.
It maybe that a recent update has enforced this behaviour.

EE - Can anyone else confirm this?


Author Comment

ID: 37752164
We have had it working without installing the certificate on each local device previously, so I probably agree with you that some kind of update has "broken" this.

Would like it to work as before if at all possible.

Many thanks.

Assisted Solution

Geodash earned 250 total points
ID: 37752797
Another option is to drop and re-add a test machine form the domain and see if it fixes it. I believe a PC gets a certificate automatically from the SBS Server when it is a member of the domain.

Author Closing Comment

ID: 37772380
Whilst this did not resolve my particular issue, I appreciate the time taken to respond

Expert Comment

ID: 37772624
Glad to help.


Featured Post

Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I work for a company that primarily works with small businesses as their outsourced IT vendor. As such the majority of these customers utilize some version of Small Business Server. Due to the economics of running a small business, many of these cus…
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question