Thursday, 22 April 2010

Exchange 2007 SP2 via TSGateway RDP on SBS 2008 = No Go

While running Exchange 2007 SP2 on one of our local client’s SBS 2008 boxes remotely, we were disconnected from our TSGateway-based RDP session.

When we tried to get reconnected we received a TSGateway error on the SSL certificate. We clicked on the certificate and it turned out that the GoDaddy certificate was no longer there. The one that was there was not the original self-issued certificate either, as we had that installed on our management system.

So, the moral of this story is pretty clear. Have RDP port 3389 opened and directed to SBS 2008 and use a direct RDP connection to run Exchange 2007 SP2 via the SBS Wrapper.

An even better solution is to have an out-of-band remote management device such as Intel’s RMM, Dell’s DRAC, and HP’s iLO (with Advanced KVM activated) to run this particular update.

We were fortunate that the client was only 5 minutes away, so we could pop by their shop and run the SBS Wrapper’s clean-up steps, which reseat the GoDaddy certificate among other things. We did not experience this situation prior to this because the previous Exchange 2007 SP2 installs were done via RMM or DRAC.

Philip Elder
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.



Richard Blanco Jr. said...

Interesting. We have had no issues like this with our clients on SBS 2008 and we are using the same tools as you to push out the SP2 and the Update Rollups. The only difference is that we don't use GoDaddy SSL certs. We have been using GeoTrust RapidSSL. Perhaps your issue has something to do with the intermediary cert that the GoDaddy one requires?

Absoblogginlutely! said...

I've not had that problem on the two servers we've rolled out. Having said that, now I always use LogMeIn (free) for hands-on patch installation due to RDP/WWW being stopped for a lot of Microsoft's patches.

Do you not have a remote tool that your user could run from the server to connect to allow you to remote into the server (like WebEx)?