- We have a server running Windows Small Business Server 2011 Essentials. It is the only server on the domain and runs Active Directory and is the Domain Controller. It also manages the firewall and certificate services.
- We have a web-address setup similar to https://remote.mycompany.com which on visiting is redirected to a Static IP at our office at which point you were prompted to loin to the server
- We have an SSL certificate applied to the server/domain/website for the remote connection
- This was all working and going to the website we could log in and view the computers on the network, view files etc. We could also get a RDC link and then connect to each computer.
Sadly something has changed without me knowing and I cannot figure out why we now cannot connect either to the website or RDC.
Currently the only signs on the server something is wrong is if I log into the server directly and open the Dashboard I see there are some errors in the Alert Viewer.
- "The firewall is not configured correctly and may be blocking remote web access"
- "Remote Desktop services is not configured correctly. You must configure Remote Desktop Services to remotely connect to computers on the network"
If I click repair for both of these items the errors go away but sadly the problem is not fixed, on reboot they return.
Now I have fully disabled the firewall and this means the remote web page works, I can log in but I get SSL certificate warnings. RDC still won't work. I have also tried to change the firewall rules to allow RDC but I have no clue what I should add or how. I also know the SSL cert hasn't expired.
Checking out the server event logs I did notice one odd error.
Event 91: Something to do with the Activity Directory Cert Service not being able to connect to the Active Directory. However after looking at the Microsoft tech support site this apparently is not really an issue as it is caused by the order services start in.
Has anyone seen this or know what is wrong or even where to look.
Best Answer
Honestly, I don't know for 100% certain, but based on experience with SBS08...
I suspect it really is an issue. All those services on the same box sometimes start in non-dependency order, and the cert warnings... well. Remote desktop, your SBS site, etc., all use those certificates. For whatever reason, your AD services are taking longer to start than usual, and your Cert service comes up before them.
(Also, if your SBS server takes over 30 minutes to shut down, well, that's also a service dependency thing. Exchange tries to contact AD when shutting down, but AD shuts down first. But I digress.)
To test that, try restarting the cert services, followed by all the misbehaving services (terminal services, etc.), and see if that helps.
My first recommendation would be to put up a backup domain controller. Not only would that prevent the cert service coming up before AD, but it's also a good practice from a recovery standpoint.
Barring that, you might want to look at the order services start in and consider whether or not you want to tamper with that.