Quick Fix : Clean-up Duplicate Remote Web Access Certificates

I noticed this thread in the forum a while ago, and set up a lab network to reproduce it. Sure enough, after a few days, my local machine certificate store is full of duplicated certificates.

The issue only seems to affect Essentials 2016 and only if you are using the free remotewebaccess.com certificates.

The issue is also discussed here on the MCB Systems blog.

Unfortunately for me, work took over and I was not able to spend any more time on it, and with responses from Microsoft for any Essentials-related issue being, shall we say, pedestrian, I won’t be holding out any hope of a fix soon.
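To see how far the duplication described above has gone on a given server, the following added example (not from the original post or from Microsoft) lists same-named certificates and marks which one is actually bound to HTTPS. The store path, the subject filter and the English-language netsh output are assumptions.

```powershell
# Added example: read-only report of duplicate certificates.
# Nothing here deletes or changes a certificate.
function Get-DuplicateCertificate {
    param(
        # Assumption: the duplicates are in the Local Machine "Personal" store.
        [string]$StorePath = 'Cert:\LocalMachine\My',
        # Assumption: the free certificates carry this name in their subject.
        [string]$SubjectLike = '*remotewebaccess.com*'
    )

    # Thumbprints currently bound to HTTPS listeners. The text match assumes
    # English-language netsh output.
    $bound = @(netsh http show sslcert) -match 'Certificate Hash' |
        ForEach-Object { ($_ -split ':')[-1].Trim().ToUpper() }

    Get-ChildItem -Path $StorePath |
        Where-Object { $_.Subject -like $SubjectLike } |
        Group-Object -Property Subject, Issuer |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            # Newest first within each group of same-named certificates.
            $_.Group | Sort-Object -Property NotBefore -Descending |
                Select-Object Subject, Thumbprint, NotBefore, NotAfter, HasPrivateKey,
                    @{ Name = 'BoundToHttps'; Expression = { $bound -contains $_.Thumbprint } }
        }
}

Get-DuplicateCertificate | Format-Table -AutoSize
```

Any entry with BoundToHttps set to True is the certificate in use and should be left alone during a clean-up.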

Setting up Remote Web Access on SBS 2011 Essentials Part 2

In the last part of this post, I went through how, and how not, to set up RWA on SBS 2011.

I had problems with the GoDaddy process, so wanted to give eNom a try.

So I had just removed the domain from the RWA site, and I am starting afresh.

This time I am going to purchase the domain name through the wizard.

I want to use one of the supported providers..

I want to use eNom

This is the domain name I want to try…

Aha, it is available – great, I want to register it, so I click on Register Now.

I am taken to eNom’s website..

I won’t bore you with setting up an account, but I also chose their very kind offer of an SSL certificate as well!

(I can see here it is actually saying ‘transfer’; I believe this is related to something a little further along. At this point I did everything I was prompted to do, and did not change anything.)

Purchase complete, and I am now back to the wizard. You need to enter the credentials you created when signing up with eNom and click Next.

What’s that now? Invalid, surely not, I just purchased this domain with your wizard?

So it would seem that, at this point, something went wrong with eNom, as I review my emailed receipt and I was only charged for the SSL, not the domain. Weird!

OK I thought, no big deal.

I went to the site directly and registered the domain name manually. Restarted the wizard; of course this time I already owned the domain.

I am lazy, so I want to set up my domain automatically..

Hmm, I was expecting this to pick up the fact my domain was at eNom.. it didn’t. So I choose eNom and click Next.

Eh, what now?

Transfer? What Transfer? I just bought the domain.

I thought for a few moments, and figured, well it is a new domain, maybe it is not set up – so yeah OK, let’s continue..

Now the interesting point, it shows my domain as co.uk – which obviously is not right.

This appears to be a problem with the wizard itself, not handling second level domains correctly.

This is an annoyance of course, however we can work around this.
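The symptom above is what you get when code assumes a domain is always its last two labels. This added illustration is not the wizard's code; the function names are hypothetical and the suffix list is a small constructed sample standing in for the full Public Suffix List.

```powershell
# Added illustration: NOT the wizard's code. The suffix list is a small
# constructed sample; real code should use the full Public Suffix List.
$SampleSuffixes = @('co.uk', 'org.uk', 'com.au', 'com', 'net', 'org', 'uk')

function Get-NaiveDomain {
    param([string]$HostName)
    # Naive approach: treat the last two labels as the registered domain.
    $labels = $HostName.ToLower().TrimEnd('.').Split('.')
    if ($labels.Count -lt 2) { return $HostName }
    return ($labels[-2..-1] -join '.')
}

function Get-RegistrableDomain {
    param([string]$HostName, [string[]]$Suffixes = $SampleSuffixes)
    $labels = $HostName.ToLower().TrimEnd('.').Split('.')
    # Scanning from the left finds the longest matching suffix first;
    # the registered domain is that suffix plus one label to its left.
    for ($i = 0; $i -lt $labels.Count; $i++) {
        $candidate = $labels[$i..($labels.Count - 1)] -join '.'
        if ($Suffixes -contains $candidate) {
            if ($i -eq 0) { return $null }   # the name is itself a suffix
            return ($labels[($i - 1)..($labels.Count - 1)] -join '.')
        }
    }
    return $null   # no known suffix matched
}

# Constructed sample names: compare both approaches side by side.
foreach ($name in 'example.co.uk', 'remote.example.co.uk', 'remote.example.com') {
    New-Object PSObject -Property @{
        Input       = $name
        Naive       = Get-NaiveDomain $name
        SuffixAware = Get-RegistrableDomain $name
    }
}
```

For the two .co.uk names the naive function returns co.uk, the same value the wizard displayed, while the suffix-aware one returns example.co.uk.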

So let’s review at this point.

We have purchased an SSL Certificate and a domain name.

I am restarting the wizard..

If you choose to set up the domain manually, you will need to be able to edit the DNS records for your domain and point them to your router.

You will need at the very least to add an A record for ‘remote.yourdomain.com’ for the public IP of your router, and make sure that email is either being forwarded to another provider, or set MX records to go to your preferred email provider.

You may also need an A record for WWW to point to your public website.

That is beyond the scope of today’s debacle however..

You will need to confirm that you have set up your domain name manually, and then you can click Next.

Now for the SSL: as we already purchased our SSL cert, the options here are not straightforward.

We have purchased our certificate, but it is not ‘existing’.

Existing is for certificates already in place on the server. You need to select, I want to purchase..

Before you click next, you need to click Advanced. If you don’t then the Certificate Signing Request (CSR) will be for the domain shown – not the full name we want to use.

Click Advanced, then fill out the domain name as shown – we need to have our prefix as shown, and you can see below how the domain name for RWA will actually look..

Click on OK, and you are back to the previous page.. this time with the correct name for your CSR.

When you click Next you will be presented with your CSR. You can copy this or save it to a file for later use.
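Because a CSR generated without the Advanced step asks for the wrong name, it is worth decoding the saved request before pasting it into the registrar's site. This is an added example, not part of the original post; the function name, file path and host name are placeholders, and it uses the Windows certificate-enrollment COM object.

```powershell
# Added example: decode a saved CSR and confirm the name it asks for.
function Test-CsrSubject {
    param(
        [Parameter(Mandatory = $true)] [string]$CsrPath,      # saved request file
        [Parameter(Mandatory = $true)] [string]$ExpectedHost  # e.g. remote.<your domain>
    )

    $file = (Resolve-Path -LiteralPath $CsrPath).ProviderPath
    $text = [System.IO.File]::ReadAllText($file)

    # Windows certificate-enrollment COM object for PKCS#10 requests.
    # 6 = XCN_CRYPT_STRING_BASE64_ANY (request with or without header lines).
    $req = New-Object -ComObject X509Enrollment.CX509CertificateRequestPkcs10
    $req.InitializeDecode($text, 6)

    # Pull the common name out of the subject string.
    $subject = $req.Subject.Name
    $cn = $null
    if ($subject -match 'CN=([^,]+)') { $cn = $Matches[1].Trim() }

    New-Object PSObject -Property @{
        Subject      = $subject
        CommonName   = $cn
        ExpectedHost = $ExpectedHost
        NameMatches  = ($cn -ieq $ExpectedHost)
        KeyBits      = $req.PublicKey.Length
    }
}

# Usage (placeholder path and host name; substitute your own):
# Test-CsrSubject -CsrPath '.\rwa-request.txt' -ExpectedHost 'remote.example.co.uk' | Format-List
```

If NameMatches is False, go back and set the name under Advanced before submitting anything to the certificate provider.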

So I copy this info to my clipboard and go to the eNom site, log in and head for SSL Certificates..

Click on the RapidSSL option..

You need to choose Outside Hosting, and I also chose the type of server I have..

Delete the text in the CSR field, and paste in your CSR.

Scroll down and click Submit Certificate.

At this point you may say something rude – if you don’t have email already set up for your domain, as I didn’t. Of course I was forgetting that the SSL authorisation procedure will require authorisation from the domain owner, which is usually done by email. I quickly had to go and set up email forwarding for this test domain to my actual email address..

I chose a suitable email address and submitted the details..

You are then returned to your Manage SSL home page, and the status is now Processing.

Switch over to your email client and keep an eye out for an SSL Certificate request type email..

Scroll down and follow the link to approve..

You will be taken to a GeoTrust website and have to click on the Approve button.

Your certificate will then be emailed to you as plain text, and it will look almost identical to your CSR.

My advice here is to copy and paste this into a new text file and save it as SBS.cer

Now back to our Wizard.. we can now choose that we have our SSL information and click Next.

As I saved my certificate to a file, I can now browse to it; alternatively you can just paste that info into this box..

Click Next, and we are all done!

Click Close to go back to the Server Settings\RWA page.

So what has all of this taught me?

I am afraid I can only so far draw a negative conclusion on this process.

I think Microsoft have to be applauded for the idea, and the theory is sound; however in practice I think this is a huge undertaking, and as always the more you try to cater for, the more variables you have to account for – the more places something can fall down.

I do not think a DIY’er (or off the shelf purchase of Essentials) would have got through this without resorting to calling in an expert, giving up, or dying of old age waiting for a non-existent certificate to show up.. :P

Having said that, I am also confident that this can be resolved with feedback given to the right people.

So to end on a positive, something that people do not seem to be aware of yet is that Microsoft are giving away a free domain name, AND a free SSL certificate, with SBS Essentials.

Yes, you heard me right!

So, how do I get one?

Just like this…

Choose a new domain name…

You want the free one!

You will need a Windows LIVE ID!!

Read and accept the license agreement…

Choose your prefix. All of the free domains will be domain.remotewebaccess.com

Click to check availability.. if it is available, click Set Up!

DONE!

Is it ironic that I am using Firefox in this shot?

That is a number of ways the RWA wizard can work out for you!

As I said above, you have to applaud the idea; the execution at this time has been poor.

But on a plus, the freebie domain and SSL work perfectly, and who can argue with that price?

Setting up Remote Web Access on SBS 2011 Essentials Part 1

EDIT- A lot of the issues in the wizard are resolved by installing Update Rollup 1 for SBS Essentials

I have seen a number of questions on the SBS Essentials forum relating to setting up domains and SSL certificates on SBS 2011 Essentials.

I hadn’t run through this procedure fully as I did not have any domains hosted on one of the supported registrars, so I decided to bite the bullet and buy one.

SBS2011-Essentials.com is now mine, and I registered it with GoDaddy – directly on their website, not using the SBS Essentials ‘Setup Domain Wizard’. I chose to do that because I am thinking most people will already have a domain name they want to use.

Now my domain is all up and running, I can use the Setup Domain Wizard on the SBS Essentials server to configure my server to use this domain for remote access.

I have two choices here: I can either run this from my workstation, or I can log on to the server console directly to do it.

I am going to run mine from the server console, just because I think most people will be doing that.

Firstly before you start, disable IESC (please make sure to enable it again when you are finished)

SBS MVP Wayne Small wrote a neat blog post on how to do that and you can find that here

Secondly, if you are using GoDaddy.com, make sure to add *.godaddy.com to your trusted sites in Internet Explorer (I didn’t do this to start with and had a lot of trouble with the website). I also changed my Trusted Sites security level to Medium-Low for this task.

To start the wizard, go to Dashboard and click Server Settings, then go to Remote Web Access, then click Set Up

You will be asked if you already have a domain name, or if you want to set up a new one. I have one I want to use so that is what I choose.

The wizard will look up your domain name to see if it’s hosted with one of the two current supported registrars – GoDaddy or eNom. If it is detected you will be prompted to go to their site to purchase an SSL certificate; if not, you’re asked if you want to transfer it, or set up manually.

NB, this wizard can skew off into about a million different possible directions; it’s like trying to map the universe using a pen and paper trying to blog this thing :P

So anyway, let’s assume it was detected at GoDaddy and you go to their site. If you haven’t followed my advice above you will have to do so now, adding the site to trusted sites etc. to get the GoDaddy website to function correctly.

You will also have to close the window and open it up again ‘As Administrator’. I don’t know why this could not have been coded up to do that for you, but there you go.

So copy the URL from the IE address bar, and then launch IE as administrator.

Click on Start, then right click IE and click Run as Administrator

When the IE window opens, paste the address into the address bar.

You will now be prompted for your credentials.

When you log in you are presented with a few options. Choose whichever services you want, and go to the checkout.

Again, fun and games with the website here for me: it wouldn’t let me ‘checkout’ unless I selected an additional service, or chose to have the SSL for more than one year. You can choose whatever you like here to get to the checkout/basket, then simply remove the items you don’t want.

Continue on to the checkout and pay for your items.

Now you can close out, and go back to your wizard.

You will be prompted for the credentials of your GoDaddy account.

Click on Next to continue..

I was expecting this to be the end of the process, unfortunately not.

At this point – I broke things.

Being the impatient person I am, I wanted to hurry things along, so I logged into the GoDaddy site and managed to ‘use’ my SSL credit. This is normal procedure for SSL purchases with GoDaddy, however you must not do this with SBS Essentials. I am informed by Sean Daniel of Microsoft, who helped me with this process, and also his contacts at GoDaddy, that basically I broke things, which is why my SSL purchase failed.

(OK, the purchase didn’t fail, the CSR and signing process failed.

Having said that, SBS Essentials did not tell me any of that :P it sat there quite happily waiting for a certificate to be issued by GoDaddy, which was never ever going to happen.

I gave it approximately 48 hours as well.

If you are interested you can find the logs for the wizards and other aspects of SBS Essentials here:

c:\ProgramData\Microsoft\Windows Server\Logs\ and the log file for this process is…  SharedServiceHost-DomainManagerServiceConfig.log )

I am told however, that if I had not done this, it would have worked.

If you do find yourself in that situation the only resolution is to get support to refund your SSL purchase or go through the SSL install manually. I chose a refund and this I have to say was very easy, and their support staff were both charming and efficient.

So anyway, being the kind of guy I am, I thought OK, well let’s have another go.

This also proved to be a bad idea. It seems that either my server, or my domain name, is now stuck in some sort of crazy loop, where I am unable to purchase an SSL using the wizard.

Not to worry, I am an uber rich MVP who has money to burn, and time to test the latest and greatest Microsoft has to offer; I’ll buy another domain name and another SSL.

This time I turned to eNom.

It is relatively easy to remove any domain name from SBS Essentials: you just click Setup, from Server Settings/Remote Access, and follow the wizard to remove the domain name.

I will continue this story in Part 2
