Once the whole service pack process completed we ended up with one failure:
Error: Service ‘TSGateway’ failed to start. Check the event log for possible reasons for the service start failure.
We checked Services.msc on SBS to see what services were stalled besides the TS Gateway one. The Information Store service was also stopped. So, we rebooted the server to make sure everything took.
Once the server came up with the logon screen we tried to remote into a system via the TS Gateway service. The connection failed:
Remote Desktop connection
Your computer can’t connect to the remote computer because the Remote Desktop Gateway server’s certificate has expired or has been revoked. Contact your network administrator for assistance.
The certificate shown in the above error message was the wrong one. This particular client had a wildcard certificate *.domain.com installed but what we see is a self-issued certificate.
So, we re-ran the Third Party Trusted Certificate after making the necessary registry change to install a wildcard certificate on SBS 2008 (applies to SBS 2011 too).
Once we had a successful TSGateway based RDP connection into the network we also logged onto OWA to verify that everything was running okay which it was.
We ran this particular update via a direct console session even though we were remotely connected. If our only way into the network was via TSGateway we would have been in trouble. Intel’s RMM or Dell’s DRAC are a good thing to have for those just-in-case moments like this one.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book