Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

SBS2011 remote connection issue

Posted on 2012-03-21
Last Modified: 2012-06-27
Hello, we have a new single sbs2011 server, which we added an ssl certifficate to, which enabled us to log on remotely for OWA. This was working fine.

We have installed several updates to the server since the original comissioning,

However, just recently we are getting certificate errors when trying to log in to https://remote.domainname.co.uk. We can proceed, although advised not to, and we eventually get the logon screen. When we logon the OWA screen appears, and we can access e-mail OK.

However, when we try to connect to say the server, we get the following error.

This computer can't verify the identity of the RD gateway "remote.domainname.co.uk". It's not safe to connect to servers that can't be identified.

I realise that something has happened with the SSL certificate on our server, but as this was working, did not want to start "poking" around without consulting somone else first.

If anyone could give me some assistance in how to troubleshoot this, I would be very much obliged.

Many thanks.
Question by:nigelbeatson
  • 4
  • 3
  • 2

Expert Comment

ID: 37749584
Run through the Internet Address Management Wizard again for adding the certificate and setting up your names in the SBS console.

Accepted Solution

crash2000 earned 250 total points
ID: 37751328
These users may need to install the certificate locally.

You can configure remote computers to trust the Windows Small Business Server 2011 Standard server by installing the server's security certificate. This will enable your browser to connect to the Remote Web Access site without security warnings.
To install the server's security certificate on your remote computer, do the following:
1.From a computer that is in the Windows SBS network, open a Web browser and type the following address into the address bar:  \\SERVERNAME\public\downloads.
2.Copy the file Install Certificate Package.zip to portable storage media, such as a floppy disk or a USB drive.
3.Insert the floppy disk or USB drive into the computer that is not joined to the Windows SBS domain and from which you want to access Remote Web Access.
4.In Windows Explorer, navigate to the location where you copied Install Certificate Package.zip.
5.Right-click Install Certificate Package.zip, and then click Extract All.
6.In the Extract Compressed (Zipped) Folders dialog box, type a folder location to which you want to extract the files, and then click Extract.
7.Open the folder where the extracted files are located, and then double-click InstallCertificate.
8.Select Install the certificate on my computer, and then click Install.
9.Browse to the Remote Web Access site.
Note:     You should only download the certificate installer package from a computer that is directly connected to your organization's network. Do not download this package over the Internet.

This should prevent the message earlier.


Author Comment

ID: 37752086
Thanks Mark,

I would prefer to have the SSL to work from workstations without the SSL installed locally, as I have to administer the server from remote locations, not always from the same device, so its important that we get this working correctly.

Thanks for your input though.
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.


Author Comment

ID: 37752095
Th other thing is of course that we have remote users using OWA, and I dont want them seeing the certifficate error. They too will be accessing it from various devices, so again we need the SSL installed correctly. It used to work fine, but now.......

Expert Comment

ID: 37752125
In my experience, you cannot do that without installing the certificate on the local machine. I maybe wrong, and stand corrected if that is the case.
As I understand it, the certificate installed on the local machine, confirms to the server, that this machine is allowed to connect. Other wise it gives the shown error.
It maybe that a recent update has enforced this behaviour.

EE - Can anyone else confirm this?


Author Comment

ID: 37752164
We have had it working without installing the certificate on each local device previously, so I probably agree with you that some kind of update has "broken" this.

Would like it to work as before if at all possible.

Many thanks.

Assisted Solution

Geodash earned 250 total points
ID: 37752797
Another option is to drop and re-add a test machine form the domain and see if it fixes it. I believe a PC gets a certificate automatically from the SBS Server when it is a member of the domain.

Author Closing Comment

ID: 37772380
Whilst this did not resolve my particular issue, I appreciate the time taken to respond

Expert Comment

ID: 37772624
Glad to help.


Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question