none
To connect to Remote Web Workplace, you must install the proper certificate - RRW doesn't work externally

    General discussion

  • Internally, on a domain connected workstation, if I go to https://servername/remote, I can log to Remote Web Workplace fine and remotely access any computer.

    However, if I try to do this remotely, from home for instance, I get the following message

    "To connect to Remote Web Workplace, you must install the proper certificate. Contact the person who provides technical support for your network." 

    We have SBS 2008.

    I'm presuming this is because the internal domain connected workstations have the self signed certificate installed, but external workstations obviously don't have this installed.

    What do I need to do to in order to enable RWW from external computers (e.g. home computer).

    Presently we use LogMeIn Free for remote access - mainly due to ease of use, security etc but I want to switch over to RWW since it's part SBS.

    Thanks in advance.

     


    Wednesday, January 04, 2012 4:51 PM

All replies

  • What version of SBS as there is a difference in how the self-signed cert is distributed/installed? Save yourself the hassle and get a trusted 3rd party cert.

    Steve

    <BadBoyHouse> wrote in message news:ac8e850d-a385-4c00-9234-eb25293cd490@communitybridge.codeplex.com...



    Internally, on a domain connected workstation, if I go to https://servername/remote, I can log to Remote Web Workplace fine and remotely access any computer.

    However, if I try to do this remotely, from home for instance, I get the following message

    "To connect to Remote Web Workplace, you must install the proper certificate. Contact the person who provides technical support for your network."

    I'm presuming this is because the internal domain connected workstations have the self signed certificate installed, but external workstations obviously don't have this installed.

    What do I need to do to in order to enable RWW from external computers (e.g. home computer).

    Presently we use LogMeIn Free for remote access - mainly due to ease of use, security etc but I want to switch over to RWW since it's part SBS.

    Thanks in advance.

    Wednesday, January 04, 2012 4:55 PM
  • SBS 2008. 

    Sorry, should have mentioned this.  I have amended first post.

    Wednesday, January 04, 2012 4:59 PM

  • As the error says, "To connect to Remote Web Workplace, you must install the proper certificate"

    And here's the link:

    http://blogs.technet.com/b/sbs/archive/2008/09/30/how-do-i-distribute-the-sbs-2008-self-signed-ssl-certificate-to-my-users.aspx

    Wednesday, January 04, 2012 5:19 PM
  • If only it were that simple.  I have tried that already - on multiple external computers (i.e. non-domain workstations outside of the office) but it doesn't make any difference.
    Friday, January 06, 2012 8:26 AM
  • And you browse https://remote.domain.com/remote and this same entry is present on your cert's SAN?

    This is unusual....if you have installed the root cert then it should work.When you browse the url from external client after installing the root cert do you get any cert error....like the address bar turns red or you have to click continue to browse to the website?

    Friday, January 06, 2012 11:58 AM
  • Yes, externally I do get the message about clicking continue to browse to the website.

    Internally, I can use https://servername/remote and this works fine

    However, if I use https://serverpublicip/remote, it fails and I get the address bar in red and the message about clicking to continue.

    It must be something to do with the external address in the certificate.

    Friday, January 06, 2012 12:06 PM
  • so there we are....you need to browse by the name on ur certificate's SAN....by IP the authentication fails since IP is not on your SAN and hence the connect computer feature fails.If you browse by SAN name then you will not get cert error or click continue with a red x as well.....
    • Edited by Jkazama Friday, January 06, 2012 12:13 PM
    Friday, January 06, 2012 12:12 PM
  • I cant use https://servername/remote externally as "servername" resolves to our internal server's ip address.

    Presumably I need to add an entry to the certificate?

    Friday, January 06, 2012 12:19 PM
  •  Certificate's SAN are created by default when you run IAMW wizard......you need to browse by that name which you used when you ran IAMW wizard:

    http://blogs.technet.com/b/sbs/archive/2008/10/16/introducing-the-internet-address-management-wizard-part-2-of-3.aspx

     

    [nopes....no editing of default PKI cert in SBS.....its not recommended]

    Friday, January 06, 2012 12:25 PM
  • Important: Please do not mark an answer as complete unless I have agreed this has resolved the problem

     

    This has not yet been resolved.  I have noticed the same issue on a number of other SBS 2008 servers, which I did not configure, but now look after.

    The name that was used when the cert was originally set up is the INTERNAL name: https://servername/remote.

    I need to configure the server to accept connections from both INTERNAL AND EXTERNAL connections:-

    https://servername/remote (internal)

    https:://publicip/remote (external)

     

     

     

    Monday, January 09, 2012 10:35 AM
  • Why are you stressing on public ip?Don't you have an external domain name...like remote.contoso.com?

    That is what you should use in RWA and that is what you should use to run IAMW wizard:

    http://blogs.technet.com/b/sbs/archive/2008/10/16/introducing-the-internet-address-management-wizard-part-2-of-3.aspx

     

    Its recommended and suggested to have a public domain name to access your network from outside,using jus the ip will not work.

     If you still want to use the IP only then you can use the below mentioned KB to edit the default cert and add an entry in the SAN for the IP ,but, I must caution you that its not adviced on an SBS box:

    http://support.microsoft.com/kb/931351

     

    • Edited by Jkazama Monday, January 09, 2012 11:13 AM
    Monday, January 09, 2012 11:10 AM