locked
WHS Remote Access - Problem with this website's security certificate RRS feed

  • Question

  • My problem Internet access always says there is a problem with this sites security certificate

     

    I have tried this from may different networks and computers running XP, Vista , Windows 7 and even my Iphone. All give the same error and if I choose to continue I get IE cannot display the web page (or similar depending on the browser an PC).

     

    If I use HTTP://myserv.homeserver.com  I get the logon page on my server (I know this because I changed the welcome text). Clicking logon though gives the certificate error. Using HTTPS I get the certificate error straight away –nologon screen.

    I have had this problem for over a year and so far nothing I have read or tried has sorted it.

     

    However, when I connect within the network that the WHS is on it does work and I get onto the welcome screen and then the logon screen and I can logon.  This works with all PCs and iphone.

     

    Similarly , Remote Desktop Connection works from the intranet allowing me access to the WHS (which is a Tranquil SQSH which is headless)

     

    My router is configured manually (Linksys WRVS4400N –which does not configure using UPNP from the WHS connect) with ports 80, 443 and 4125 forwarded to my static ip address configured on WHS, upnp is also enabled.

     

    On WHS connect I have tried all sorts. Always though when I go on Remote Access (the domain name shows correctly) and Details then do Refresh I get a green tick on the first 3 (up to verifying your website is accessible from the iternet) but alway a red cross on the last one ‘verifying remote access is accessible from the iternet.

     

    I have done the usual rebooting of server, re-starting IIS and getting a requesting a new certificate, all to no avail. I have recently gone back to my original domain name (via homeserver and goDaddy)

     

    I have the luxury of two ISPs and 2 networks so I can test most scenarios from home. I have been into IIS on the WHS and noted the following.

    There are two websites shown

    Default website which drilling into properties shows ports 80 and 443 (SSL) set up. It also contains the GoDaddy certificate which looks fine (dates are ok and the site name matches the domain name on homeserver.com with HTTPS)

    The second says WHS site and has ports 5600 set upin details and a different certificate containing my internal name of the server and has been granted by a long string of characters (ie not godaddy).

     

    When I connect internaly either via IE or Remote DesktopI can view the certificate (clicking on the paddlock) and it is the one attached to the WHS site ie not the GoDaddy one).

    When I connect from the internet I can’t get a paddlock or view the certificate it is looking at.

     

    Finally I once (and only once) changed some settings (I think it was in IE options) and it worked. However, i chaged a few and then re-set some stuff (accidentally) and could not remember what I changed where! Should have left well alone but I wanted to know what had corrected it.

     

    I have spent many many hours on this and trawled the internet to no avail. I am hoping there is someone out there who can help me or suggest where I could get suitable help.

     

    Thanks in anticipation.

    Wednesday, January 13, 2010 2:05 PM

Answers

  • Thanks OLAF, more digging on the net lead me to the ciscolinksys forum on port 443. Apaprently there has been a known problem with my linksys router where it has used port 443 for VPN . This is not configurable and it is my router that is sending the strange certificate not my WHS. (Home : Routers and Access Points : Wireless Routers : WRVS4400N Single Port Forwarding of SSL port 443 not working ) thread.
    An upgrade to firmware 1.1.13 has solved the problem and port 443 is passing out the godaddy certificate as seen by me when connecting over the internet.
    Also thanks to the threads that took me to Shields up, this was very useful for checking ports and other stuff on my Router and my ISP.

    Seems like WHS behaves in my case it was all down to my Router.
    • Marked as answer by markusace Thursday, January 14, 2010 12:05 AM
    Thursday, January 14, 2010 12:04 AM

All replies

  • If I remember correctly, the certificate for the homeserver.com domain name is issued by Godaddy.
    Other domain extensions are not directly supported by WHS (some OEMs like HP may offer own solutions here), so that you always will get a warning in this case. You also get the warning window in IE, if you do use another name than that, for which the certificate has been issued (i.e. the short name in LAN or the IP address).
    If it does not work for your homeserver.com domain, you can try to unconfigure your Remote Access completely and later reconfigure (using the same Live ID).
    The message about not being able to verify remote access from Internet can have a simple reason - that your router does not support loopback connections (from LAN to Internet to LAN.
    Best greetings from Germany
    Olaf

    Wednesday, January 13, 2010 8:08 PM
    Moderator
  • Thanks OLAF, more digging on the net lead me to the ciscolinksys forum on port 443. Apaprently there has been a known problem with my linksys router where it has used port 443 for VPN . This is not configurable and it is my router that is sending the strange certificate not my WHS. (Home : Routers and Access Points : Wireless Routers : WRVS4400N Single Port Forwarding of SSL port 443 not working ) thread.
    An upgrade to firmware 1.1.13 has solved the problem and port 443 is passing out the godaddy certificate as seen by me when connecting over the internet.
    Also thanks to the threads that took me to Shields up, this was very useful for checking ports and other stuff on my Router and my ISP.

    Seems like WHS behaves in my case it was all down to my Router.
    • Marked as answer by markusace Thursday, January 14, 2010 12:05 AM
    Thursday, January 14, 2010 12:04 AM