Remote Web Access Deployment Guide for Small Business Server 2011 Essentials, Home Server 2011 and Windows Storage Server 2008 R2 Essentials

Remote Web Access (RWA) is a web based portal on Small Business Server 2011 Essentials, Home Server 2011, and Windows Storage Server 2008 R2 Essentials that allows for remote access to files on the server, to workstations that support remote desktop, and other resources remotely.  For an overview, you can view this video.

Background

RWA depends on two set of configurations to work properly:

  1. Router and DNS configuration on the server -- this will ensure the right network settings for RWA site and RDP access.
  2. Domain and certification of the RWA page, this involves user's interaction with domain/cert provider and the RWA site, and provide domain and SSL cert for the RWA communications.

There are 2 wizards that help automating the above configuration efforts.  If you choose to manually configure these settings, you should strictly follow the guidance to avoid complications.

Prepare the Router

  1. Make sure your ISP does not block port 80(http), or 443(https). If the port is blocked, you may not be able to use the service.  Also check to ensure that it's allowed under the terms of use by your ISP provider.  If they do not allow it, there are ways with dynamic IP providers to provide alternative port access.  This document will not cover that and we suggest you post in the appropriate forum (Small Business Server 2011 Essentials and Windows Storage Server 2008 R2 Essentials (joint forum) and Windows Home Server 2011 forum.  Remote Web Access can work with only Port 443 open if your ISP will not support Port 80.
  2. Run “Turn on Remote Web Access” wizard to automatically configure the router.
  3. For manual router configuration, Please refer to http://social.technet.microsoft.com/wiki/contents/articles/windows-small-business-server-2011-essentials-router-setup.aspx for Small Business Server 2011 Essentials and Windows Storage Server 2008 R2 Essentials  and http://social.technet.microsoft.com/wiki/contents/articles/windows-home-server-router-setup.aspx for Home Server 2011 to configure router if you fail at “Turn on Remote Web Access” wizard.
  4. If the router configuration errors out and indicates that it cannot configure the router via UPnP and then you must manually open the needed ports.  This is a normal and expected error message if UPnP is disabled on the router.  Ignore this error message and just manually configure your router and open the needed ports using the process documented by your router manufacturer for opening firewall ports.
  5. To test whether you router configuration is ready for RWA, you can try to access https://[IPaddress]/remote from outsite of your router, and make sure you can access it without problem.

 

Prepare the RWA domain and cert

For SBS 2011 Essentials/Windows Storage Server 2008 R2:

The RWA configuration wizard only supports the purchasing of the domain name and SSL cert from Godaddy/Enom. If you have never before purchased a domain, using this process will be the easiest route and you should be able to finish the purchasing and configuration using the wizard.

If you want use a certificate or domain outside these two scenarios, manual steps are required:

  1. If you already have a domain but not registered and also don’t want to transfer your domain to be managed by Enom/Godaddy, you should choose Manually Configure. Please refer to http://sbs.seandaniel.com/2011/06/how-to-manually-configure-sbs-2011.html  for detailed steps
  2. If you already have a domain managed by Enom and Godaddy but you want to use other certificate which is sold by other third party SSL vendor, please follow http://social.technet.microsoft.com/wiki/contents/articles/manually-install-an-existing-ssl-certificate-into-small-business-server-2011-essentials.aspx .
  3. For other scenarios, please follow the domain configuration wizard and refer the help link in the wizards to complete it.

For Windows Home Server 2011

  1. If you already have a domain managed by Enom and Godaddy but you want to use a third party certificate which is supported or sold by another vendor, please follow http://social.technet.microsoft.com/wiki/contents/articles/manually-install-an-existing-ssl-certificate-into-small-business-server-2011-essentials.aspx .
  2. For other scenarios, please follow the domain configuration wizard and refer the help link in the wizards to complete it


Common Known issues

Domain configuration wizard Errors:

  1. Using the Windows live domain fails at end of the wizard         

Symptom: Error message shown up in the wizard, the error message is "Domain Name Setup Failed. An unexpected error has occurred communicating with the Windows Live Domains service. 80000190"

Solution: Correct the server time, and ensure both the server and client's time are in sync, and rerun the wizard.
Solution: At times this can be caused by temporary Internet conditions and unavailabili
ty of LiveID., wait a few moments and try again.
     
    2. Setting up a domain from Enom, a user who doesn’t buy the domain from Domain configuration wizard will fail at end of the wizard.                                    

Solution: Enom recently fixed this problem, and you should no longer see this issue, please rerun to fix the problem.

     3.
Enom/Godaddy user who attempts to use another vendors SSL cert which is not bought as part of the domain configuration wizard, will see a failure at end of the wizard.                          

Solution: refer wiki http://social.technet.microsoft.com/wiki/contents/articles/manually-install-existing-ssl-certificate-into-small-business-server-2011-essentials.aspx

Problem when accessing RWA and attempting to connect to a workstation via RDP:

  1. In Windows XP SP3 client will fail to remotely connect to Server.        

Symptom:  
Error 1:
An error occurred while sending data to the Remote Desktop Gateway server. The server is temporarily unavailable or a network connection is down. Try again later, or contact your network administrator for assistance.
Error 2:
Your computer can't connect to the remote computer because an error occurred on the remote computer that you want to connect to. Contact your network administrator for assistance.
If you ignore the error message and click Connect again, you will be able to connect to the remote server.

Solution:  turn on CredSSP (refer http://support.microsoft.com/default.aspx?scid=kb;en-us;951608 (see also the release notes for SBS 2011 Standard for similar issue)

       2. User can use remote desktop from home network but can’t access it from Remote Web Access.
Symptom
Remote Access Error '-212147024893' error when click on any PC or Server in the Remote Web Access portal.

Solution: A. Make sure the router is configured correctly (http://social.technet.microsoft.com/wiki/contents/articles/windows-small-business-server-2011-essentials-router-setup.aspx#NetgearRP614

  1. Make sure your ISP supports opening these ports
  2. Check if the DNS forwarder setting is correct.