SBS 2008 RWW suddenly not connecting without error

My RWW has been working fine . Lately I have been experiencing a situation where :
When a user tries to connect . remote.mycompany.com
I get waiting for remote.mycompany.com
this just goes on without a timeout or other error .
The only thing in logs is about certificates which expired 2 years ago .
I am at a loss as to what may be causing this and since this site hosts many remote users I am reluctant to just go in and poke around without guidance.
Has anybody experienced this ?
The problem goes away with a server reboot but this is not a good fix as you can imagine .
Help ? Anyone ?
Andre PAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jaroslav LatalMSPCommented:
Hi Andre,

It's not connecting only from outside or you cannot login internally too?
You can try to restart some services instead of server, it will give you a clue where to find the error.
I'd try to restart IIS.

Let us know.


Jarda
0
David AtkinTechnical DirectorCommented:
Firstly you need to take care of the certificate.  If it a self signed cert opposed to a trusted cert then you can renew by doing the following:

Open the SBS Console > Network Tab> Connectivity sub tab.  
Run the Fix My Network wizard

The actual timeout issue is probably due to either the IIS Service as suggested by JardaCZ or the World Wide Web Publishing service.  Check the event logs for any clues.

If restarting the two services fails to resolve the problem then check the Application Pools in IIS manager to see if they are started.
1
Andre PAuthor Commented:
It is inaccessible locally or externally .
Some further info . It seems exchange stopped functioning too at the same time.
a reboot again brought it back for now.
I want to run the fix my network wizard but since I am supporting remotely I am concerned about losing connectivity if that goes wrong .
Should that be a concern ?
0
Cloud Class® Course: CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

David AtkinTechnical DirectorCommented:
You can run the wizard. It will just scan he configuration to identify any warnings / errors.

It's when you proceed to resolve the errors that you may lose connection momentarily.

Run the fix my network wizard and post a screen shot before clicking fix if you're unsure.

In addition run the Best practice analyser to find further errors.

The event log is still your best bet at the moment.
0
Jaroslav LatalMSPCommented:
You can set-up router to forward (NAT) 3389 to servers IP and use RDP access instead of RWW. Then run fix my network wizard.

Jarda
0
Andre PAuthor Commented:
hmm . I have sonicwall . Can you explain how to do this ?
0
Andre PAuthor Commented:
David,
Will do ,
The event log seems useless . As I said its warning about a certificate that expired 2 years ago as the only even surrounding this issue .
It is weird that it is kicking up that one though .
Thats the only coincidence.
0
Jaroslav LatalMSPCommented:
Andre, you should ask your router administrator to do this.
Port forwarding from WAN to LAN, port 3389.

Jarda
0
Andre PAuthor Commented:
ok I plan on working on this tonite and will let you know .
0
Andre PAuthor Commented:
David ,
Attached is the fix my wizard screen shot Fix mu wizard shot
0
David AtkinTechnical DirectorCommented:
Hello,

Select only the root certificate tick box and continue the wizard. It will attempt to renew it. It should succeed.

Then check the event log for any additional cert expiry warnings.

After that run the Best Practice Analyser and see if it shows anything.
0
Andre PAuthor Commented:
David ,
Did what you said (Thanks!!) and it said fixed and gave the attached Certs events  :
I also ran fix my network again and the cert error did not recurr .


It also threw event Id 64 for at least 3 thumbprints .

In addition and what is now most interesting especially since I had also experienced exchange outage when the remote access went out is I have and still have the attached event( Exchange-TLS )12016 error now.
Could that have stopped exchange ?
I am VERY nervous about cert work as I here its a pain to do .


I would like to get to the bottom of this as they rely heavily on Email and remote access.
Certs-Events
exchange-tls.txt
0
David AtkinTechnical DirectorCommented:
Hi Andre,

Can you confirm that the Active Directory Certificate Services is started?

Do you get any other certificate errors when running the FMNW?

Can you also download and run the SBS Best Practice Analyser and run a scan.  Let us know the results.
0
Andre PAuthor Commented:
David,
Active Directory Cert Services are running
I had 3 event 64 errors when running the FMNW
The Best Practice are attached .
The only other Certificate related error is attached .
could this be related to the problem I am having ?
If so I dont think the FMNW has corrected it .
note :remote.company.com mentioned in the exchange cert is how users access RWW .
Thanks so much for your continued help !
Best-Pract-A.png
Best-Pract-B.png
Exchange-Cert-Error-.png
0
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Andre,

Apparently you have yet to resolve this issue?  I read through the entire thread and it seems as though you have avoided fixing the SSL Certificate issue -- I'm not sure why this is, but you MUST fix it.

It is recommended that you use a 3rd party certificate so that users will not have a problem connecting remotely.  There is plenty of guidance out there for the steps involved in doing this, a good resource is this one:
http://blog.lan-tech.ca/2012/03/03/sbs-20082011-renew-3rd-party-certificate/

If you choose to use a self-signed certificate, then all you need to do is run the "Set up your Internet Address" wizard to create and install a 2-year self-signed cert (although I do recommend using a 3rd party one instead).

Jeff
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SBS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.