Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Help joining an SBS 2011 domain across a VPN

Posted on 2014-03-11
6
Medium Priority
?
1,018 Views
Last Modified: 2014-03-17
Working on an SBS 2011 domain.  Several machines are remote from the office using a watchguard VPN  - office subnet is 192.168.1.0, remote location is 192.168.2.0

Trying to join a new win 7 machine to this network.

Added entries for server in hosts file on win 7:

server.domain.local
server
server.domain.com
connect

all point to the 192.168.1.3 of the server

we can ping it
added domain.local to the advanced DNS tab

when we try

http://server/connectcomputer 

we get a message that security cert is invalid, then when we click continue, we get a 404 message.

When we try or
http://connect

we get:

Server Error in '/' Application.
--------------------------------------------------------------------------------

Runtime Error
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.

Details: To enable the details of this specific error message to be viewable on remote machines, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "Off".


<!-- Web.Config Configuration File -->

<configuration>
    <system.web>
        <customErrors mode="Off"/>
    </system.web>
</configuration>
 

Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.

<!-- Web.Config Configuration File -->

<configuration>
    <system.web>
        <customErrors mode="RemoteOnly" defaultRedirect="mycustompage.htm"/>
    </system.web>
</configuration>
 
we haven't added a computer in a while, but the server seems to be working OK?

Any advice?
0
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 14

Assisted Solution

by:Andy M
Andy M earned 2000 total points
ID: 39921400
I believe your SBS server will be using a self-signed certificate that the remote computer is unaware of.

If you look on the server in Public user documents/downloads (can never remember which) you should find a certificate installation package, copy this to the remote system somehow, run it and restart the remote computer.

Then check to see if you still get the same certificate error.

The other option is to join the domain via the system properties dialog on the remote computer - assuming dns is working fine it should allow you to join the domain through tha way as well.
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
ID: 39921426
join through the sys properties - that doesn't do all that http://connect does, right?

and we are using a Godaddy cert (at least when out on the web).
0
 
LVL 14

Assisted Solution

by:Andy M
Andy M earned 2000 total points
ID: 39921444
Personally I've never really used the web method of joining to the domain so not sure what else it actually does differently - always used the sys properties and providing that there's no dns issues I've never had a  problem doing it that way.

When it brings up the cert warning on the remote computer does it let you view the certificate it's trying to use and see if it is the GoDaddy certificate or something else?

Is this the first machine you've joined in this method? If not I take it the other machines worked fine?
0
Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

 

Author Comment

by:BeGentleWithMe-INeedHelp
ID: 39921472
I am used to being able to click on the lock or similar to see the cert details.

all it says is:  The security certificate presented by this website was issued for a different website's address.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.

which makes sense since the cert isn't for https://connect : )

I've joined other machines over the vpn a long time ago and remember it wasn't easy.  Of course, I didn't take notes on how to do it to avoid this.  reinventing the wheel....
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
ID: 39921479
actually now, when I type https://connect

I get the cert message, click continue then get to the IIS 7 page.

anyone know what another address would be for the connect computer page for sbs 2011 or how to tell if that part of the server is working OK?
0
 
LVL 14

Accepted Solution

by:
Andy M earned 2000 total points
ID: 39921497
Well that would explain why you are getting certificate warnings.

Assuming you have a certificate for something like "remote.domain.com" - if you setup an A host record on the remote PC dns for remote.domain.com and point it at the server's internal IP (192.168 . . .) do you still get certificate warnings when trying to access https://remote.domain.com/connectcomputer?

I recall SBS been really funny about certificates - think we spent a while trying to get things like Outlook Anywhere and Remote Web Workplace working correctly which turned out to be certificate issues in the end.
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
On some Windows 7 (SP1) computers, Windows Update becomes super slow even the computer is reasonably fast.  There's one solution that seemed to have worked well for me (after trying a few other suggested solutions).
This Micro Tutorial will teach you how to the overview of Microsoft Security Essentials. This is a free anti-virus software that guards your PC against viruses, spyware, worms, and other malicious software. This will be demonstrated using Windows…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question