Setting up Remote Web Access on SBS 2011 Essentials Part 2
July 15, 2011 70 Comments
In the last part of this post, i went through how, and how not to setup RWA on SBS 2011.
I had problems with the GoDaddy process, so wanted to give eNom a try.
So i had just removed the domain from the RWA site, and i am starting afresh.
This time i am going to purchase the domain name through the wizard.
I want to use one of the supported providers..
I want to use eNom
This is the domain name i want to try…
Aha, it is available – great i want to register it, so i click on Register Now.
I am taken to eNom’s website..
I wont bore you with setting up an account, but i also chose their very kind offer of an SSL certificate as well!
(i can see here it is actually saying ‘transfer’ i believe this is related to something a little further along. At this point i did everything i was prompted to do, and did not change anything)
Purchase complete, and i am now back to the wizard. You need to enter the credentials you created when signing up with eNom and click next.
What’s that now? Invalid, surely not, i just purchased this domain with your wizard?
So it would seem, that at this point, something went wrong with eNom, as i review my emailed receipt and i was only charged for the SSL, not the domain. Weird!
OK i thought, no big deal.
I went to the site directly and registered the domain name manually. Restarted the wizard, of course this time i already owned the domain.
I am lazy, so i want to setup my domain automatically..
Hmm, i was expecting this to pickup the fact my domain was at eNom.. it didn’t. So i choose eNom and click Next.
Eh, what now?
Transfer? What Transfer? i just bought the domain.
I thought for a few moments, and figured, well it is a new domain, maybe it is not setup – so yeah ok, lets continue..
Now the interesting point, it shows my domain as co.uk – which obviously is not right.
This appears to be a problem with the wizard itself, not handling second level domains correctly.
This is an annoyance of course, however we can work around this.
So let’s review at this point.
We have purchased an SSL Certificate and a domain name.
I am restarting the wizard..
If you choose to manually setup the domain you will need to be able to edit the DNS records for your domain and point them to your router.
You will need at the very least to add an A record for ‘remote.yourdomain.com’ for the public IP of your router, and make sure that email is either being forwarded to another provider, or set MX records to go to your preferred email provider.
You may also need an A record for WWW to point your public website.
That is beyond the scope of todays debacle however..
You will need to confirm that you have setup your domain name manually, and then you can click next.
Now for the SSL, as we already purchased our SSL Cert, the options here are not straight forward.
We have purchased our certificate, but it is not ‘existing’.
Existing is for certificates already in place on the server. You need to select, i want to purchase..
Before you click next, you need to click Advanced. If you don’t then the Certificate Signing Request (CSR) will be for the domain shown – not the full name we want to use.
Click Advanced, then fill out the domain name as shown – we need to have our prefix as shown, and you can see below how the domain name for RWA will actually look..
Click on OK, and you are back to the previous page.. this time with the correct name for your CSR.
When you click Next you will be presented with your CSR. You can copy this or save it to a file for later use.
So i copy this info to my clipboard and go to the eNom site, login and head for SSL Certificates..
Click on the RapidSSL option..
You need to choose Outside Hosting, and i also chose the type of server i have..
Delete the text in the CSR field, and paste in your CSR.
Scroll down and click Submite Certificate.
At this point you may say something rude – if you dont have email already setup for your domain, as i didnt. Of course i was forgetting that the SSL authorisation procedure will require authorisation from the domain owner, which is usually done by email. I quickly had to go and setup email forwarding for this test domain to my actual email address..
I chose a suitable email address and submitted the details..
You are then returned to your Manage SSL home page, and the status is now Processing.
Switch over to your email client and keep an eye out for a SSL Certificate request type email..
Scroll down and follow the link to approve..
You will be taken to a GeoTrust website and have to click on the Approve button.
Your certificate will then be emailed to you as plain text, and it will look almost identical to your CSR.
My advice here is to copy and paste this into a new text file and save it as SBS.cer
Now back to our Wizard.. we can now choose that we have our SSL information and click Next.
As i saved my certificate to a file, i can now browse to it, alternatively you can just paste that info into this box..
Click next, and we are all done!
Click Close to go back to the Server Settings\RWA page.
So what has all of this taught me?
I am afraid i can only so far draw a negative conclusion on this process.
I think Microsoft have to be applauded for the idea, and the theory is sound, however in practice i think this is a huge undertaking, and as always the more you try to cater for, the more variables you have to account for – the more places something can fall down.
I do not think a DIY’er (or off the shelf purchase of essentials) would have got through this without resorting to calling in an expert, giving up, or died of old age waiting for a non existent certificate to show up..
Having said that, i am also confident that this can be resolved with feedback given to the right people.
So to end on a positive, soothing that people do not seem to be aware of yet – is that Microsoft are giving away a free domain name, AND, a free SSL certificate with SBS Essentials.
Yes, you heard me right!
So, how do i get one?
Just like this…
Choose a new domain name…
You want the free one!
You will need a Windows LIVE ID!!
Read and accept the license agreement…
Choose your prefix. All of the free domains will be domain.remotewebaccess.com
Click to check availability.. if it is available, click Set Up!
Is it ironic that i am using firefox in this shot?
That is a number of ways the RWA wizard can work out for you!
As i said above, you have to applaud the idea, the execution at this time has been poor.
But on a plus, the freebie domain and SSL work perfectly, and who can argue with that price?