none
SBS 2011 RWA and Windows XP Computer

    Question

  • Good Afternoon,

    we have just implemented a new SBS 2011 server and 6 brand new Windows 7 PCs.

    We have tested RWA and the "connect to my computer" feature from a windows-7 machine, and it works just fine.

    when trying to connect from Windows XP, or Windows Vista though, we cannot connect to any of the computers in the office...we get one of two error messages:

    1) An error has Occured on the remote computer.... 

    2) There was an error contacting the RD gateway....

     

    does anybody have any suggestions?

    Sunday, May 01, 2011 6:08 PM

Answers

  • UPDATE 

     

    we found the following buried inside the SBS 2011 Release Documentation:

    Computers that are running Windows XP with Service Pack 3 may not be able to use Remote Web Access to connect to other computers on the network

    If a user signs in to Remote Web Access from a computer that is running Windows XP with Service Pack 3 installed and then tries to connect to another computer, the following error may appear:

    "Your computer can't connect to the remote computer because an error occurred on the remote computer that you want to connect to. Contact your network administrator for assistance."

    To resolve this issue, you must log on to the Windows XP computer, and turn on the Credential Security Support Provider (CredSSP). For detailed information and instructions, see KB951608 “Description of the Credential Security Support Provider (CredSSP) in Windows XP Service Pack 3” at the Microsoft Support website (http://go.microsoft.com/fwlink/?LinkId=206328).

    you can find documentation of the CredSSP here: 

    http://support.microsoft.com/kb/951608

     

     

    this allows us to connect successfully to the machines at our office, however i'm interested as to WHY it works... we have NLA turned off, and the documentation for CredSSP states this is only required for NLA-Enforce Computers.

    Wednesday, July 20, 2011 4:26 PM

All replies

  • Are you able to RDP to either of these machines on the internal lan?

    Usually it will be a client firewall is enabled or the pc is not configured to allow RDP.


    Robert Pearman SBS MVP (2010) | www.titlerequired.com | www.itauthority.co.uk
    Sunday, May 01, 2011 7:16 PM
  • looking back at my original question... some clarification:

    we are trying to use RWA "connect to my computer" from a Windows XP machine to our new Windows 7 Desktops.

     

    from an outside windows 7 machine, i can use the CTMC feature to get to the new windows 7 desktops.

    from an outside windows XP Machine i CANNOT use the CTMC feature to get to the new windows 7 desktops.

     

    from INSIDE the network, i can use either type of machine to directly RDP to the computer.

    Sunday, May 01, 2011 7:20 PM
  • On the XP Machine, do you have the activeX installed?

    Is the site in trusted sites?

    Do you have any other SBS servers you can attempt to login to?


    Robert Pearman SBS MVP (2010) | www.titlerequired.com | www.itauthority.co.uk
    Monday, May 02, 2011 2:20 PM
  • Install this update on your Windows XP machine and I think you'll find it works at that point
     

    --
    Cris Hanna [SBS - MVP] (since 1997)
    Co-Contributor, Windows Small Business Server 2008 Unleashed
    http://www.amazon.com/Windows-Small-Business-Server-Unleashed/dp/0672329573/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1217269967&sr=8-1
    Owner, CPU Services, Belleville, IL
    A Microsoft Registered Partner
    ------------------------------------
    MVPs do not work for Microsoft
    Please do not submit questions directly to me.

    Cris Hanna, Microsoft SBS MVP, Owner-CPU Services, Belleville, IL
    Tuesday, May 03, 2011 3:14 PM
  • i have tried the mentioned solutions to no avail.

     

      we are unable to connect from multiple Windows XP Machines, and at least 2 different Windows Vista Machines.

     

     we have a GoDaddy Issued Certificate in the Name of "remote.xxx.net" 

     

     

     here is the procedure for us logging in:

     

      1. goto "remote.xxx.net

     2. Login with domain credentials

     3. Click "connect" on the remote PC that we wish to connect to

     4. Receive warning message:

     Remote Desktop Connection

      a website wants to run a RemoteApp program. make sure you trust the publisher before you connect to run the program.

       Publisher: remote.xxx.net

       type: Remote Desktop Connection

       Remote Computer: (comp name)

       gateway server: Remote.xxx.net

    5. Click "connect"

    6. receive prompt for credentials

    7. enter credentials with username in local domain\username format

    8. watch as RDC goes to "initiating connection..."

    9. watch as RDC goes to "securing connection..."

     

    10. receive error message: (first type)

     an error occurred while sending data to the remote desktop gateway server. the server is temporarily unavailable or a network connection is down. 

     

    10. receive error message: (second type)

    your computer cant connect to the remote computer because an error occurred on the remote computer you want to connect to.


    Tuesday, May 03, 2011 6:58 PM
  • If you're receiving this warning your godaddy cert is not installed correctly
    Did you install the intermediate godaddy cert along with your cert?
     
    Check out this blog from Sean Daniels of the SBS Product team on installing GoDaddy Certs
     
    Cris Hanna [SBS - MVP] (since 1997)
    Co-Contributor, Windows Small Business Server 2008 Unleashed
    http://www.amazon.com/Windows-Small-Business-Server-Unleashed/dp/0672329573/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1217269967&sr=8-1
    Owner, CPU Services, Belleville, IL
    A Microsoft Registered Partner
    ------------------------------------
    MVPs do not work for Microsoft
    Please do not submit questions directly to me.

    Cris Hanna, Microsoft SBS MVP, Owner-CPU Services, Belleville, IL
    Tuesday, May 03, 2011 8:18 PM
  • Hi Customer,

    In order for clients to be able to establish a connection to the Remote Desktop Gateway server, the following must be true:
     .The Name of the certificate must match your public URL that the clients are using to connect to
     .The Certificate chain must be trusted by your client machine
     .The Certificate needs to be valid in terms of the date/time

    Introduction to SBS 2011 Standard Remote Web Access (RWA)

    http://blogs.technet.com/b/sbs/archive/2011/03/10/introduction-to-sbs-2011-remote-web-access-rwa.aspx

     


    Regards, Rick Tan
    Wednesday, May 04, 2011 8:38 AM
  • i originally followed the article by sean daniels to obtain and install my SSL certificate...

    my certificated was issued in the name remote.xxx.net

    i'm not sure what you mean by "Certificate chain"...

    the certificate is valid, i bought a 3 year Cert.... confirmed with GoDaddy.

     

    i did just go back and re-ran the "Add a trusted certificate wizard" and choose "replace with an existing certificate" and choose the one i had already imported.  this did not resolve the issue...

     

    is there anywhere else i need to install the certificate besides the MMC/certificates Intermediate Cert Store & the "Add a trusted cert wizard"??

     

     

    this is the warning that i am receiving... 

    http://www.flickr.com/photos/62508199@N06/5686698959/

     

    Wednesday, May 04, 2011 2:03 PM
  • Yes, i think as Cris says you need to install the intermediate certificate.

    This is a second certificate that godaddy send to you/ is available for download from there website.

    You should install it in the 'Intermediate Certification Authorites' store on the server.


    Robert Pearman SBS MVP (2010) | www.titlerequired.com | www.itauthority.co.uk
    Wednesday, May 04, 2011 7:52 PM
  • Review this -

    http://help.godaddy.com/topic/186/article/868?locale=en


    Robert Pearman SBS MVP (2010) | www.titlerequired.com | www.itauthority.co.uk
    Wednesday, May 04, 2011 7:53 PM
  • Why is the publisher blanked out on the screen shot - what is it displaying?
    Robert Pearman SBS MVP (2010) | www.titlerequired.com | www.itauthority.co.uk
    Wednesday, May 04, 2011 7:54 PM
  • the publisher is our full domain name (remote.xxx.net)

     

    is the intermediate certificate the reason we are receiving:

    http://www.flickr.com/photos/62508199@N06/5688595591/

     

    error?

    Thursday, May 05, 2011 2:38 AM
  • is the intermediate certificate installed correctly?

     

    http://www.flickr.com/photos/62508199@N06/5688653287/

     

     

    Thursday, May 05, 2011 2:52 AM
  • Hi Customer,

        Please check if Go Daddy Class 2 Certification Authority root cerificate installed in Trusted root CA folder. It should be disabled on your server and clients.

    Installing an SSL Certificate in Microsoft IIS6

    http://help.godaddy.com/topic/742/article/4875

    Important Note: This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites; therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. There are inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to make sure that you completely understand the risk before retrieving any software from the Internet.


    Regards, Rick Tan
    Thursday, May 05, 2011 4:06 AM
  • the server has IIS 7 installed.

     

    yes, the Go daddy Class 2 CA was installed in the trusted root CA folder,

    i've disabled the certificate on the server and on one of my client machines and i am still unable to use the CTMC feature from Windows XP...

    Thursday, May 05, 2011 1:33 PM
  • I would run the Setup My Internet Address again
    Select I have a domina
    Select I want to manage myself
    Complete the wizard
     
    This should deploy the Self Signed Cert
    Then deploy the self signed cert to the remote computer
     
    Can you connect?

    --
    Cris Hanna [SBS - MVP] (since 1997)
    Co-Contributor, Windows Small Business Server 2008 Unleashed
    http://www.amazon.com/Windows-Small-Business-Server-Unleashed/dp/0672329573/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1217269967&sr=8-1
    Owner, CPU Services, Belleville, IL
    A Microsoft Registered Partner
    ------------------------------------
    MVPs do not work for Microsoft
    Please do not submit questions directly to me.

    Cris Hanna, Microsoft SBS MVP, Owner-CPU Services, Belleville, IL
    Thursday, May 05, 2011 4:29 PM
  • this is going to seem stupid, but how do i deploy the Self Signed Cert?

     

    i followed this guide... but in windows XP:

    http://blogs.technet.com/b/sbs/archive/2007/04/10/installing-a-self-signed-certificate-as-a-trusted-root-ca-in-windows-vista.aspx

     

    i am still unable to connect, i receive an error that says:

    the computer cannot verify the identity of the RD Gateway "remote.xxx.net" its not safe to connect to servers that can;t be identified.

     

    Thursday, May 05, 2011 6:13 PM
  • There is a blog post from the sbs blog on how to do this for 2011 -

    http://blogs.technet.com/b/sbs/archive/2011/04/19/how-to-obtain-the-certificate-distribution-package-in-sbs-2011-standard-through-remote-web-access.aspx


    Robert Pearman SBS MVP (2010) | www.titlerequired.com | www.itauthority.co.uk
    Thursday, May 05, 2011 9:17 PM
  • Hi Customer,

        It need to generate CSR before you install SSL certificate in IIS7, Go daddy also provide a tool to diagnose SSL installation. Hope it could resolve your issue.

    Generating a CSR and Installing an SSL Certificate in Microsoft IIS7

    http://help.godaddy.com/topic/742/article/4801

    Using the SSL Installation Tool

    http://help.godaddy.com/article/6015?locale=en

    Important Note: This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites; therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. There are inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to make sure that you completely understand the risk before retrieving any software from the Internet.


    Regards, Rick Tan
    Friday, May 06, 2011 5:22 AM
  • after installing the Self Signed Certificate... i am still unable to connect to the remote computer...

     

    i did not receive the SSL warning like i had before, however i did receive the message:

    your computer cant connect to the remote computer because an error occurred on the remote computer you want to connect to.

     

     


    Friday, May 06, 2011 2:15 PM
  • Hi Customer,

        I review the case, it works normal for Windows 7, but connect failed for Windows XP and Windows Vista. 

        I want to know if these clients have connected to SBS network, run computer wizards via http://connect.

        Please try to connect to office machine just via remote desktop connection with TS Gateway server setting, not from RWA website.

        Refer to KB 969084, it mentioned same error as your encountered. Can you try to ignore the error message and connect again, or turn on CredSSP.

    remote desktop connection with TS Gateway server setting

    http://blogs.technet.com/b/sbs/archive/2009/06/25/sbs-2008-introduction-to-remote-web-workplace.aspx

    Description of the Remote Desktop Connection 7.0 client

    http://support.microsoft.com/kb/969084


    Regards, Rick Tan
    Tuesday, May 10, 2011 3:12 AM
  • sorry guys, had to get back to my normal job..

     

    we did not use http://connect to join the PCs to the domain, i just used computer properties > rename computer or join to domain

     

    i will try to use the http://connect on one of the computers and see if the issue is resolved.

    Friday, May 13, 2011 6:21 PM
  • update: i ran http://connect on one of the PCs... and i am still unable to connect to that computer...

     

    is there a specific outbound port that should be opened for this to work?

    Friday, May 13, 2011 8:09 PM
  • yes, port 987 should be allowed through. Try disabling any firewalls temporarily including Windows Firewall and see if that helps.
    Sunday, May 15, 2011 2:56 PM
  • Hi Customer,

    your computer cant connect to the remote computer because an error occurred on the remote computer you want to connect to.

    You just provide the error message when your client CTMC. Could you provide client and server event log about this issue?


    Regards,

    Rick Tan

    Monday, May 16, 2011 4:21 AM
  • from the client computer: 

    under terminalservices-localsessionmanager

    event: Remote Desktop Service start failed. The relevant status code was 0x800706b5.


    under terminalservices-remoteconnectionmanager

    event: Listener RDP-Tcp received a connection


    from the SBS 2011 Server:

    under terminalservices-gateway:

    e1: The user "ILGROUP\jwalker", on client computer "(Remote IP)", met connection authorization policy requirements and was therefore authorized to access the RD Gateway server. The following authentication method was used: "NTLM".

    e2: The user "ILGROUP\jwalker", on client computer "(Remote IP)", met resource authorization policy requirements and was therefore authorized to connect to resource "3TTMDQ1".

    e3: The user "ILGROUP\jwalker", on client computer "(Remote IP)", connected to resource "3TTMDQ1".

    e4: The user "ILGROUP\jwalker", on client computer "(Remote IP)", disconnected from the following network resource: "3TTMDQ1".
    Before the user disconnected, the client transferred 295 bytes and received 180 bytes. The client session duration was 60 seconds.


    ====================================
    i'm not quite sure what this is about: "Remote Desktop Service start failed. The relevant status code was 0x800706b5."
    i can RDP just fine directly to the computer as long as i am inside the network, or i am using RWA CTMC from a windows 7 computer


    Monday, May 16, 2011 7:00 PM
  • Hi Customer,


    Well, the log looks no helpful to us.
    Please check your SBS setting refer to below blog.
    Now I thought workaround way is that you could use VPN to connect to computer for your windows xp users.

    Common Remote Web Workplace (RWW) Connect to a Computer Issues in SBS 2008
    http://blogs.technet.com/b/sbs/archive/2009/06/19/common-remote-web-workplace-rww-connect-to-a-computer-issues-in-sbs-2008.aspx


    Regards,

    Rick Tan


    Tuesday, May 17, 2011 2:10 AM
  • i have reviewed the article and cannot find anything wrong with my installation...

     

    i can see absolutely no reason why i can connect from a windows 7 PC to our PCs at work just fine...

    but when trying to connect from Windows XP i get a failure.

     

     

    is there a Group Policy setting that could cause this?


    Thursday, May 19, 2011 1:36 AM
  • Hey Jwalker

    It seems like this thread isn't going anywhere and it's been open for awhile. If you don't mind I'd like to test it from my end.

    My email is mendy@mendyonline.com if you want can you set me up with a temporary account and let me know the information to connect to a box.

    Thanks

    Greenlight.

    Sunday, May 29, 2011 12:36 AM
  • UPDATE 

     

    we found the following buried inside the SBS 2011 Release Documentation:

    Computers that are running Windows XP with Service Pack 3 may not be able to use Remote Web Access to connect to other computers on the network

    If a user signs in to Remote Web Access from a computer that is running Windows XP with Service Pack 3 installed and then tries to connect to another computer, the following error may appear:

    "Your computer can't connect to the remote computer because an error occurred on the remote computer that you want to connect to. Contact your network administrator for assistance."

    To resolve this issue, you must log on to the Windows XP computer, and turn on the Credential Security Support Provider (CredSSP). For detailed information and instructions, see KB951608 “Description of the Credential Security Support Provider (CredSSP) in Windows XP Service Pack 3” at the Microsoft Support website (http://go.microsoft.com/fwlink/?LinkId=206328).

    you can find documentation of the CredSSP here: 

    http://support.microsoft.com/kb/951608

     

     

    this allows us to connect successfully to the machines at our office, however i'm interested as to WHY it works... we have NLA turned off, and the documentation for CredSSP states this is only required for NLA-Enforce Computers.

    Wednesday, July 20, 2011 4:26 PM
  • This worked for me, but a new profile was created on the machine I accessed (the domain client that I use when I am in the office) & now I can't get to my outlook calendars, contacts, & email. My Windows 7 laptop does not create this issue.
    Tuesday, June 26, 2012 9:22 PM