WHS 2011 RDP Gateway loses SSL cert after reboot

  • Question

  • I am using a Go Daddy domain and SSL certificate and have modified the UseV2CertificateSupport value from 1 to 0, yet still the Remote Desktop access loses the certificate after a reboot of the server.  This makes remote access extremely unreliable when the Windows update service is set to automatic because it sometimes triggers a reboot.  Has anyone found a solution to this behavior?
    Saturday, June 18, 2011 10:09 PM

All replies

  • Was this certificate installed through the Windows Home Server dashboard, as part of registering/transferring a domain for your server?
    I'm not on the WHS team, I just post a lot. :)
    Sunday, June 19, 2011 2:29 AM
  • I tried that at first, but was unsuccessful.  I contacted Go Daddy support and they figured out that when purchasing online there was a problem with issuing the right kind of domain and certificate.  We ended up revoking the certificate and re-issuing it.  Apparently the online process will issue the domain and certificate as a small business cert rather than a private cert.  I'm not sure what the difference is but that seemed to have solved the problem so that the new certificate could be manually installed.  You may be familiar with the problem of the cert disappearing from the list of certificates in IIS when the view is refreshed.  Anyway, that was what I was experiencing at first.  After the help from Go Daddy support, I'm convinced that I do have the proper certificate, it's just that a reboot will cause the cert for the RDP Gateway to get uninstalled, therefore no more remote connection to my desktop PC at home.

    Sunday, June 19, 2011 5:17 PM
  • You haven't answered my question, so I'll repeat it:

     

    Was this certificate installed through the Windows Home Server dashboard, as part of registering/transferring a domain for your server?

     

    I ask because simply buying a certificate and installing it through tools accessed from the server desktop will probably not apply the certificate properly. When you say "... so that the certificate could be manually installed. ..." it sounds like you're not using the dashboard to deal with your domain/certificate. Doing this any way but through the dashboard is unsupported, so I really have to recommend that you go back to Godaddy and work through their online purchase/installation (i.e. dashboard) process to get to where you want to be.

     


    I'm not on the WHS team, I just post a lot. :)
    Sunday, June 19, 2011 6:02 PM
  • Sorry if I wasn't clear, but what I was trying to relate was that my first attempt was a failure, so technically I would have to say no.  After getting the right domain and certificate manually installed, and then having it get uninstalled after a reboot, I could then go through the Remote Web Access wizard and complete the setup.  So at this point, maybe you could say yes, I'm not sure.  As has been documented on the web by others with third party certificates, this will install the Go Daddy certificate for the default website and a self signed certificate for HTTPS.  The work-around is to go into IIS and just edit the bindings for the default web site so that the HTTPS uses the Go Daddy certificate.  This seems to work fine except it will not survive a reboot.  This makes me wonder if I should delete the other certificates that are present (the ones that are either named my server name or my server name followed by "-CA") or are these needed?  I really don't know enough about how all this works to make that kind of determination, so I am curious to know how many certificates are present and what they are named in a working installation.  Has anyone who has looked at this through the mmc certificates snap-in posted any screen shots from a good installation?  That could prove to be quite enlightening.  I'm just looking for clues, so thanks for your efforts so far.

    Any help is always greatly appreciated.

    Sunday, June 19, 2011 6:31 PM
  • Hi Steve,

    I had same issue few months ago. I did this:

    See if you have an alert in the dashboard, something like Remote desktop setup has problem. If yes, select repair option in this alert. I selected that option and it installed my godaddy certificate for RD gateway and problem was fixed.

     

    Tuesday, June 21, 2011 4:13 PM
  • Yeah, I have seen the "Repair" button available, even after going through editing the binding for HTTPS on the website and having everything working.  When I used the "Repair" option, it basically put me back to where I was before changing the HTTPS binding.

    I would still like to know how many certificates should be available and how they are named.  Do I really need 3 certificates, or could I delete 1 or 2 and not have a problem.

    Wednesday, June 22, 2011 8:11 PM
  • All three certificates are required.
    I'm not on the WHS team, I just post a lot. :)
    Wednesday, June 22, 2011 11:31 PM
  • I am having this EXACT same problem...I thought setting up the remote web access would be MUCH easier than it is, because I have my domain through GoDaddy and I knew that was one of the "partners" that Microsoft setup for WHS 2011. So, I started the wizard, put my domain name in and it showed a button to the GoDaddy site. Clicking the link took me to an SSL cert cart and I read that I needed an SSL certificate. No problem, I thought, I'll just purchase one of those (although expensive, if I can use my own domain then great)...well, I purchased the SSL certificate and then...nothing...no further instructions. So, I closed and clicked next in the wizard and it failed with an unknown error.

    So, I had been assuming that the wizard would install my certificate for me, but looked around and found that it didn't. So, I installed it myself and again tried the wizard. Again, unknown error - try again later...I used the registry "fix" that you mentioned above (UseV2CertificateSupport value from 1 to 0) and that let the wizard go through the end.  Personally, I don't think I should have to make registry settings, but the wizard gave me nothing to go on...the site and SSL are both through GoDaddy, so it should work fine - but it doesn't...

     

    So, after I did the registry update I went in and changed the bindings for HTTPS to my certificate that I had manually installed.  Ken, I promise you that I would have gone the wizard route if it had worked.  Having used SBS for years and years I know the wizards are the way to do things so I don't like doing things manually, but there is a serious lack of info and an "unknown error" message helps nothing...who do you call at that point?  Nobody, since I'm supposed to be my own support on this.

     

    Well, I could get to my site using my personal URL no problem, could see the shared folders, etc...but, when I tried to click on the server to remote into it I got the error:

    "Your computer can't connect to the remote computer because no certificate was configured to use at the remote desktop gateway server.  Contact your network administrator for assistance."

    Then I did what Steve suggested...I hit the "repair" button.  I tested again and this time I didn't get the error, but clicking the "connect" button on the server did nothing.  Nothing at all...no errors, nothing.

     

    I found this post and realize that it is the same issue I'm having so any help for both of us would be wonderful!

    jared

     

    Thursday, June 23, 2011 9:30 PM
  • I have the same issue. I already have a personal domain registered with Godaddy so I tried to setup the domain name with the wizard, but like others said it always ended with an "unknown error, try again later". After searching around, I found the workaround of changing the value of UseV2CertificateSupport to 0 and manually installing the ssl cert in iis7. That allowed me to complete the wizard and I'm able to login to the dashboard remotely.

    Unfortunately, like others here, I get the "Your computer can't connect to the remote computer because no certificate was configured to use at the remote desktop gateway server." error when I try to remote desktop to any of the machines on the network.

    I'm desperately looking for a way to set the right certificate on the TS gateway server, but WHS 2011 doesn't have the snap-in to manage it.

    Max


    Tuesday, July 12, 2011 1:50 PM
  • Right after posting the previous message I found the solution! I checked the available server roles in Server Manager and I noticed that RD gateway was one of the options so I installed it and I was given the option to import an existing ssl cert to use with the gateway. I picked the cert from godaddy and when I tried remote desktop it worked.
    Tuesday, July 12, 2011 2:14 PM
  • I'll be interested to hear if that continues to work after, say, your ISP changes your router's dynamic IP address. I think it should, but what you did isn't supported, and isn't really recommended.
    I'm not on the WHS team, I just post a lot. :)
    Tuesday, July 12, 2011 6:59 PM
  • Ken,

    This thread has helped me understand more about SSL certificate installation. After several days of unsuccessfully installing certificates from Go Daddy I temporarily gave up on using my own domain for now and resorted to a Microsoft domain so Remote Web Access could be used. My several days of effort included attempts at using the Dashboard wizard, mostly accessed via the Repair tool. When the wizard's instruction to "return here after" going to Go Daddy, it wasn't clear to me how to return and proceed with the wizard. Somehow I missed the details.

    I sure would like to know more about this so I can eventually use my own domain. The topic that I posted yesterday is:

    http://social.microsoft.com/Forums/en-US/whs2011/thread/94eef4b6-bdc3-4525-8b37-b6a5aa8352c7

    I thank you and others who post here regularly. Your collective knowledge and advice really help me with WHS. Much of this is way over my head, but it is great to have so much help.


    Charlie
    Thursday, July 14, 2011 7:23 PM
  • Ditto... Ditto... Ditto

    I used the wizard and created the SSL cert through GoDaddy.com using the existing name from my old WHS.  I had to manually import the cert from GoDaddy.com because the wizard failed to replace the self signed cert.  It all works great, the web access page loads w/o the unrecognized cert page.  BUT, my remote desktop connection gives the same error about the "Remote Desktop Gateway not configured with a certificate".  Can I get a simple "HowTo" to fix what seems to be a simple problem?? 

    Ken, you say the previous solution isn't recommended, then what is??

    Friday, September 30, 2011 2:22 PM
  • Having same issue, I use godaddy, but I used dashboard to install, it verified etc, my service has run well for months, now all of a sudden I keep having issues, my IP does not change, I click on repair and it hangs up on "setting up the certificate" now the day before yesterday the repair worked, and all was normal, today it's hanging,  this has been going on for about 3 weeks after 5 months of awesome service. Nothing has changed on my server. I guess I could try getting a new cert from godaddy, I remember netframework updates recently, ...maybe that's my issue. I had errors with the certificate and them verifying

     

    Wednesday, October 5, 2011 1:41 AM
  • Hi MaxNJI,

     

    I have a similar issue and have followed the same steps as you. However I stopped at installing the TS Gateway role as I'm an SBSer and did not want to break the Wizard.

    Has this worked for you since the post? If so I will follow suit.

     

    Pathetic, customer bought the Godaddy domain name and SSL outwith the wizard > I setup with Wizard and it sat on issuing SSL request ( I know this can take time to authenticate and sometimes email the registered domain owner to confirm ) gave it 4 days over a long weekend and it's still there even after manual install.

     

    I posted this issue some time ago and only now finding specifics to the 3rd stage of this in the WHS (same products as SBS essential)

     

    Anyway I'm ranting now as a couple of hundred pound ideal solution for the Ultra SME company who will just about pay for a Server then lose the time on rubbish setup bugs like this.

     

    Let me know how you got on.

     

    Best Regards

    Friday, December 9, 2011 2:56 AM
  • I just had to rebuild my Home Server and I had to dig through my notes and old posts to remember how to make RDP work from the WHS web portal. I can confirm that manually adding the RD Gateway role and then using the certificate (imported with key from previous install) on both IIS and RD Gateway, works perfectly.

    So to sum it all up:

    1. If the domain name wizard fails and you want to use an existing domain you registered, use the registry trick explained in this post
    2. For the SSL certificate either import an existing one (with key) or request one using IIS
    3. Add RD Gateway role
    4. Use the SSL certificate for both IIS and RD Gateway

    I have been using this setup for few months without issues.

    P.S.
    Ken, supported or not, when the built in Wizard is broken out of the box, I don't see any other way around it. As for my public IP, it doesn't change that often and I use Dyndns to keep it up to date using mydomain.dyndns.org, then on the DNS manager from GoDaddy, I just created a CN remote.mydomain.com that points to mydomain.dyndns.org, so no matter what it is always up to date.


    • Edited by MaxNJI Monday, March 26, 2012 2:29 PM
    • Proposed as answer by Django63 Saturday, June 9, 2012 5:15 AM
    Monday, March 26, 2012 2:23 PM
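
A check for the symptom this thread describes (HTTPS keeps its certificate while RD Gateway has none, or a different one), added here as an example and not part of any poster's message. It assumes an elevated PowerShell session on the server with the RD Gateway role installed, so that the RemoteDesktopServices module and its RDS: drive are available; the function name is hypothetical.

```powershell
# Added example, not from the thread. Written for PowerShell 2.0 (Server 2008 R2 era).
# Assumption: RD Gateway role installed, which supplies the RDS: provider drive.
Import-Module RemoteDesktopServices

function Get-GatewayCertStatus {   # hypothetical helper name
    # Thumbprint of the certificate http.sys serves on port 443 (the IIS HTTPS binding).
    $iisThumb = $null
    $on443 = $false
    foreach ($line in (netsh http show sslcert)) {
        if ($line -match 'IP:port\s*:\s*\S+:(\d+)\s*$') {
            $on443 = ($Matches[1] -eq '443')
        }
        elseif ($on443 -and $line -match 'Certificate Hash\s*:\s*([0-9A-Fa-f]{40})') {
            $iisThumb = $Matches[1].ToUpper()
        }
    }

    # Thumbprint RD Gateway is configured to present; empty when none is set.
    $gwThumb = (Get-Item RDS:\GatewayServer\SSLCertificate\Thumbprint).CurrentValue

    # Look the gateway certificate up in the machine's Personal store.
    $gwCert = $null
    if ($gwThumb) {
        $gwCert = Get-ChildItem Cert:\LocalMachine\My |
            Where-Object { $_.Thumbprint -eq $gwThumb }
    }
    $subject = $null; $expires = $null; $hasKey = $false
    if ($gwCert) {
        $subject = $gwCert.Subject
        $expires = $gwCert.NotAfter
        $hasKey  = $gwCert.HasPrivateKey   # a cert imported without its key cannot be served
    }

    New-Object PSObject -Property @{
        IisThumbprint     = $iisThumb
        GatewayThumbprint = $gwThumb
        SameCertificate   = [bool]($iisThumb -and $gwThumb -and ($iisThumb -eq $gwThumb))
        GatewaySubject    = $subject
        GatewayExpires    = $expires
        GatewayHasKey     = $hasKey
    }
}

Get-GatewayCertStatus | Format-List
```

Running it before and after a reboot shows whether the gateway's thumbprint was cleared or replaced while the port 443 binding stayed the same.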
  • I just had this issue recently, and I find it difficult to setup the certificate on the wizard.  As much as I wanted to process everything through the wizard, no luck, the process was broken, and no result help from GoDaddy.  I figured I would just install everything manually.  One thing I notice is that after a successful install, I don't really need to use Godaddy certificate since I will be setting it up manually. MaxNJI was right although not in detail.  But the steps he provided are just an overview on how to resolve the issue.

    On my Notes:

    1. Create a certificate request from ->IIS7->Server certificates.  (Make sure you create a 2048 bit)

    - Save it as a txt file so you can copy the contents later.

    2.  Purchase a standard SSL Certificate from a provider (GoDaddy, or Network Solutions), and go to the process of acquiring the certificate.

    -Once the certificate is approved and ready to download from go daddy, you will need to install the certificate to the following location.

     -Please follow this guide: Installing an SSL Certificate in Microsoft IIS 7 http://support.godaddy.com/help/article/4801/installing-an-ssl-certificate-in-microsoft-iis-7

    This should take care of website error certificate. As for the RDP issues on the machines inside your network, you will have issues connecting stating an error on a gateway certificate.

    To solve that issue, do the following

    3.  Add additional role on your server "Remote Desktop Services", make sure to select "Remote Desktop Gateway" and go through the wizard.  Make sure to select your GoDaddy Certificate.

    Once installed, you can try your remote access from a browser outside your network.

    Apologize for not being specific as the steps depend on the Certificate provider, but you should focus your research in this area.

    BTW, should you buy an SSL Certificate at GoDaddy, use this promo code to get a great discount "PromoSSL".



    • Edited by Django63 Saturday, June 9, 2012 6:51 AM
    • Proposed as answer by RWWilkins Thursday, July 12, 2012 7:51 PM
    Saturday, June 9, 2012 5:35 AM
  • All. Do exactly as Django63 and MaxNJI have said and you will resolve the issue. GoDaddy and MS both will just point fingers at each other and will never really resolve the wizard issue. I've been on call after call with both of them. I figured out the hard way how to resolve the issue and wish I would have stumbled on this thread sooner!
    Thursday, July 12, 2012 7:50 PM