May 17, 2011 4 Comments
(I did screen shot this post but for some reason when i posted they got all jumbled, and the formatting was messed up! so enjoy the plain text, 56k dialup version)
I have my lab server situated at home, but from time to time a question crops up during the working day that requires me to login to my lab setup and look things up.
As part of my lab setup i have SBS 2011 Standard running, but curiously i have been unable to access this from my work PC using IE and RWA(RWW).
If i RDP to the host Hyper-V box, it works perfectly. If i attempt to go to the external IP of the router at home in IE, it works perfectly.
If i use Firefox to go to the RWA page, it works perfectly, i just get a blank response from IE.
The question is, what could be causing it? Skip to Solution?
First, i am trying the obvious things, Resetting IE to defaults, restoring advanced settings.
What i find interesting here, is that IE is seemingly not even attempting to connect to the page – if you hit F5 to refresh the page it is instantly coming back with the failure.
I am now going to switch to WireShark to see if i can see anything happening on that level. For those of you who don’t know – Wireshark is a protocol analyser, and allows you to see in real time the traffic going across ‘the wire’, of your LAN connections. You can download it for free from here: http://www.wireshark.org/
There are tutorials and help files, and if you haven’t used the program before it can be a bit overwhelming to see the packet captures whizzing past.. so i would recommend you run through those before you start using the program.
I know what i want to find out here, so, i can go straight to inputting a capture filter, to only show me traffic destined for my SBS 2011 server.
The filters can be quite tricky, but to only display traffic destined for one IP enter – ‘ip.addr == <ip address>’
You will then need to go into ‘Interfaces’, (click Capture, then Interfaces) to select which Interface you want to monitor (Click Start, next to the interface you want to monitor)
Once you have clicked start, you will see a blank screen, because there is no traffic flow to that destination IP. To test your filter, you may want to PING that IP address to verify the capture shows those packets.
Now, lets try to gain access to our RWA site.
I see nothing in my packet capture.. (only my ping responses)
It seems as though IE has cached some bad response, or unavailability of the service, and is refusing to attempt a connection.. Very Odd.
Just to confirm that or packet capture would actually pick up an RWA access attempt, switching back to Firefox i refresh my page..
Lots of info flows past – so we are definitely seeing a connection attempt from FF. Still – why nothing from IE?
So, i decided to reinstall IE on my computer.
Just a note for those of you running Win7 (i am running Win7 x64) IE8 ships installed on Win7, so you cannot download it!
To reinstall you must go to Control Panel, then Programs and Features. Choose to ‘Turn Windows Features On or Off’ then find IE8 in the list and uncheck it. Reboot, and then Check it to kick off the reinstall.
After a reinstall i was quietly confident this would solve the issue. Unfortunately not.#
At this point i was beginning to run out of ideas.
I decided to turn to some of my online friends for some pointers. Enter Tim Barrett.
Tim offered to connect up to my pc so we could both play around with settings to see if we could solve the issue.
We went through several things, including adding an entry to the hosts file, resetting IE (including using the clear personal settings option), we ran IE with and without Add-ons, and we ran it in both x64 and x86 (32bit) mode.
Nothing worked, and what was stumping us was the lack of activity in WireShark.
We then loaded up Windows XP Mode on my PC and confirmed that it was working correctly.
It was and i could access RWA perfectly well through XP Mode
Tim began searching online, and turned up a post from Experts Exchange that mentioned if you were using a Self Signed Certificate to make sure it was installed correctly and that eventually lead us to the solution.
I was indeed using a self signed certificate on my SBS box. But that shouldn’t stop me visiting the site, right?
Well as it turns out, it was.
I got the root CA certificate exported into .cer format and onto my machine, and installed it. As soon as i did this i was able to load RWA in IE. I removed the certificate again to test, and sure enough my access was once again failing.
So, to install the certificate..
Firstly you will need your SBS Server CA certificate. This can be distributed in a number of different ways.
On my network i have a share where the certificate resides. This is accessible via RWA – so via Firefox i could download this to the pc. Other methods would be through email, or pen drive transfer.
Once you have the file on your computer, open an MMC.
Click Start, then type MMC in the search box.
Click on MMC, then accept the UAC prompt.
Click File, then Add/remove snapin.
Find Certificates in the list of snapins, and click Add.
In the next box select ‘Computer Account’ and click OK.
Click OK to accept the default ‘Local Computer’
Click Ok to close the ‘Add Snapin’ Dialogue.
Now, expand ‘Trusted Root Certificate Authorities’
Expand ‘Certificates’ and right click, then click All Tasks, and then Import..
Follow the import certificate wizard, find your .CER file and continue to import it. When you have finished you will see a successful import message.
Now test your RWA access and you should find you can now connect!