RDC Web access with SMB Server 2011 Certificate errors trusted root store

So, I've taken over this SMB 2011 server and it appears to have an expired certificate, I thought I had that taken care of, but looks like I'm missing something.

When the users go to remote.OURDOMAIN.com they get a certificate error, then can click through to the page. That page shows them a list of computers they can connect to, and now they are unable to connect to them. When you click a computer to connect, the first screen that comes up is a RemoteApp warning, unknown publisher. Then they enter their credentials and are told
This computer can't verify the identity of the RD gateway "remote.OURDOMAIN.com". It's not safe to connect to servers that can't be identified.

The certificate you can view has the error:
This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store.

I've been trying to put it in the root store, and I thought I did that, but it's still not working. Kinda stuck on what to try next.
LVL 2
musickmannData AnalystAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

N-WCommented:
Start by checking if your SSL certificate is installed correctly by using a tool like: http://www.digicert.com/help/
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
musickmannData AnalystAuthor Commented:
Sorry for the delay here, had some things come up that took priority.

The checker tool returns all green checks, so that is a good thing I suppose.

This is actually a self-signed certificate, since I'm not too familiar with all this SSL stuff, I'm guessing that is the root of the issue?

I prepared some instructions for the client on how to download and add the certificate to their local machines as a trusted host certificate, is that the only option with a self-signed certificate?

I can't seem to get the certificate to install on the server as a trusted root, so I'm not sure if I'm missing something, or if it just isn't possible.
0
N-WCommented:
I highly recommend purchasing a trusted third party certificate, they're fairly cheap (GoDaddy for example) and very much outweigh the administrative overhead associated with running a self-signed certificate.

With a trust third party certificate, you don't need to add the certificate to all of the users' machines. As long as they have an internet connection to check the Certificate Revocation List (CRL) occasionally, no certificate errors will be presented to the user.
0
musickmannData AnalystAuthor Commented:
Thanks for the suggestion. I will definitly look into a 3rd party cert for this client.

I'm now also having some problems with accessing shared folders from the web access. No certificate errors, but I suppose it could be related.

The oddity is that it seems they had none of these problems before the cert expired, and it was always self signed.
0
musickmannData AnalystAuthor Commented:
Excellent tool for identifying errors, saved me a ton of time. Thanks!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SBS

From novice to tech pro — start learning today.