none
SBS 2011 essentials remote web access & certificate configuration

    Question

  • I have setup a SBS 2011 Essentials server to use the Microsoft 3rd party cert .remotewebaccess.com">https://<domain name>.remotewebaccess.com which works very well except in specific circumstances:

    1. When the cert was first setup it confirmed the installation by showing the cert installed successfully. I ran into the numerous issues with connectivity which were made worse by trying to setup the remote desktop services via roles in server manager which killed the sbs setup. I reinstalled the OS on a new drive & the wizard recognized the previous setup & used it in the setup. This allowed me to connect remotely with no issues but has raised several ?. Did the cert actually get downloaded onto the second installation & how can I verify this ( it is still on the 1st install hard drive so if I require any export/import of the cert I can do that) ? In situations where the roles were accidently installed is there a recovery process to fix this ?

    2. On the client side ( Internet) I do not get asked to install the cert onto the workstation ( not joined to domain - external machine ). Is this the expected behavior - I received no errors in connecting & the usual rdp certificate warnings which go away (if installed) if I wish to connect to the PCs. It all works fine.

    3. If I enable the remote gateway service to check the sbs config  as in <a href=">http://support.microsoft.com/kb/2472211 I find the remote app rules to connect to the "dashboard" are there - I wish to connect to a full RDP session & have access to the complete machine - Is there a way to do this? A full rdp session to any of the workstations work fine.

    Thanks


    • Edited by GreenSea IT Thursday, June 07, 2012 11:11 PM post was truncated
    Thursday, June 07, 2012 10:56 PM

Answers

  • Hi,

    Q1: Did the cert actually get downloaded onto the second installation & how can I verify this ( it is still on the 1st install hard drive so if I require any export/import of the cert I can do that) ? In situations where the roles were accidently installed is there a recovery process to fix this?
    A1: I think you could type “mmc” in the run area, and then add snap-in for the certificates. You will be able to view all the certificates on the server. Just like the figure below:

     

    Note: Please use the computer account to open the certificate console.

    Towards the SBSE 2011, the following roles are installed by default:

     

    If any other roles are installed by accident, you could remove the roles in the Server Manager.


    James Xiong

    TechNet Community Support

    Friday, June 08, 2012 6:46 AM
    Moderator
  • Q2: On the client side (Internet) I do not get asked to install the cert onto the workstation (not joined to domain - external machine). Is this the expected behavior - I received no errors in connecting & the usual RDP certificate warnings which go away (if installed) if I wish to connect to the PCs. It all works fine.
    A2: I think you will receive the credentials prompt if you would like to connect to the workstation. If you installed the certificate it will trust it, so the certificate warning will not display; if you don’t install the certificate and keep “Don’t ask me for connections to this computer” unchecked, you will still receive the certificate warning:

     

    Q3: If I enable the remote gateway service to check the sbs config as in
    http://support.microsoft.com/kb/2472211 I find the remote app rules to connect to the "dashboard" are there - I wish to connect to a full RDP session & have access to the complete machine - Is there a way to do this? A full rdp session to any of the workstations work fine.
    A3: If you use the RWA remote to the Server, it’s for the Dashboard connection. It’s by design.

     

    If you prefer the full screen connection, you have to use the Remote Desktop Connection to make it possible.

    Regards,
    James


    James Xiong

    TechNet Community Support

    Friday, June 08, 2012 6:47 AM
    Moderator

All replies

  • Hi,

    Q1: Did the cert actually get downloaded onto the second installation & how can I verify this ( it is still on the 1st install hard drive so if I require any export/import of the cert I can do that) ? In situations where the roles were accidently installed is there a recovery process to fix this?
    A1: I think you could type “mmc” in the run area, and then add snap-in for the certificates. You will be able to view all the certificates on the server. Just like the figure below:

     

    Note: Please use the computer account to open the certificate console.

    Towards the SBSE 2011, the following roles are installed by default:

     

    If any other roles are installed by accident, you could remove the roles in the Server Manager.


    James Xiong

    TechNet Community Support

    Friday, June 08, 2012 6:46 AM
    Moderator
  • Q2: On the client side (Internet) I do not get asked to install the cert onto the workstation (not joined to domain - external machine). Is this the expected behavior - I received no errors in connecting & the usual RDP certificate warnings which go away (if installed) if I wish to connect to the PCs. It all works fine.
    A2: I think you will receive the credentials prompt if you would like to connect to the workstation. If you installed the certificate it will trust it, so the certificate warning will not display; if you don’t install the certificate and keep “Don’t ask me for connections to this computer” unchecked, you will still receive the certificate warning:

     

    Q3: If I enable the remote gateway service to check the sbs config as in
    http://support.microsoft.com/kb/2472211 I find the remote app rules to connect to the "dashboard" are there - I wish to connect to a full RDP session & have access to the complete machine - Is there a way to do this? A full rdp session to any of the workstations work fine.
    A3: If you use the RWA remote to the Server, it’s for the Dashboard connection. It’s by design.

     

    If you prefer the full screen connection, you have to use the Remote Desktop Connection to make it possible.

    Regards,
    James


    James Xiong

    TechNet Community Support

    Friday, June 08, 2012 6:47 AM
    Moderator