got an error setting up a vanilla Windows 2008 R2 server for RD Web Apps – IIS wouldn’t load any web pages and the error message was telling me exactly what the problem was. Funny thing is I couldn’t see the needle in that haystack. So Google is my friend and so is this guy at this blog – Thank Indian for your helpful comment. Removed the extra \ in the ISAPI filter path and all was fixed!
- Let’s say you like keeping as much money as possible and only spending what is necessary.
- Let’s also say you like the idea of using an industry standard certificate that often has its Root and Intermediate certificates prepopulated in cell phones.
What Why Where?
- Why DYNDNS? …typically due to the business using a dynamic IP address
- they hold the DNS name servers for their entire namespace which is how your DNS records can get instantly updated across the globe when your IP addy changes
- …and you can have your ‘real’ domain name also registered and managed there using this same ‘instant-change’ DNS methodology
- The cert offered by DYNDNS is overpriced at $99/yr. Their other services are extremely price friendly so maybe this isn’t such a big deal. …but then again it’s money you can keep
- Go Daddy often has a Google Search keyword “security certificate” $12.99 SSL cert special. This is the same cert they (Go Daddy) normally charge $45 for. You can purchase from 1-5 years.
- your site: rubberduckies.dyndns.com
your DYNDNS WHOIS information
- it won’t be able to be seen by Go Daddy in order to send you the verification email
- Why? WHOIS queries only happen at the root domain level ….& the root domain DYNDNS.com isn’t owned by you
- The Administrative Contact for that WHOIS query is firstname.lastname@example.org which BTW isn’t you
DYNDNS Custom DNS
- Let’s imagine you also paid for a real domain name “rubberduckies4vr.com” with DYNDNS and associate it with your rubberduckies.dyndns.com zone
- It will have the same WHOIS information as above …and the same failed results for a SSL cert issuance validation step
- you can set up your SSL cert with either domain name – that won’t be covered in this post …assuming you understand and would most benefit from using the rubberduckies4vr.com name
SSL certificate issuance steps
- First step – generate a CSR (certificate signing request) – at your IIS server
- Buy a cert – you are really buying a credit which later can get ‘managed’ into a real certificate – at GoDaddy
- Manage the Certificate that is listed under your Go Daddy “My Products”
- Use the cert credit – involves entering the CSR by cut-n-paste from the text file on your PC to the Go Daddy GUI
- Cert goes to a state of ‘pending’
- Go Daddy sends a validation email to the Administrator Contact which requires reception and a reply to prove you actually are authorized from the domain – …but that isn’t you (see WHOIS above) and you don’t get that email
When that fails (see above reason if you have forgotten) you **can** request that Go Daddy send you a 7 digit code to create a TXT record for validation
- adding a DNS record into your domain proves you to be an authoritative person for the domain
- Go Daddy must be called before they email you this
- create the TXT record per their instructions
- you manage your DNS records at DYNDNS (required when using a dynamic IP/DNS account) and that is where this TXT record gets entered
With that TXT alternate validation method in place you return to the Go Daddy certificate management portal and click the link for “What’s holding this up?”
- you will see a window with a link to click to have Go Daddy use the TXT validation
Return to the cert portal and see if the cert has cleared all hurdles and is “issued”
If it isn’t you may have to wait for Go Daddy to manually review your site and request
- I phoned and politely requested that it be moved to the top of the list – and so it went upwards to the top
- took about an hour and your mileage may vary since there are a lot of unknown factors to a manual process …but it will get completed!
Download the certificate
A five year Go Daddy SSL cert just cost you $65. Of course you could have spent $495 with DYNDNS. Please send your grateful donation to me at your discretion. ;-D
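A check worth running between creating the TXT record at DYNDNS and clicking the Go Daddy validation link: ask a name server that hosts the zone directly and confirm the code comes back in an authoritative answer, since a caching resolver may still hold the earlier "no such record" reply. This is an added example, not part of the original post; the code `1234567` and the sample reply are constructed, and the server IP passed to `ask` is assumed to be one of the name servers DYNDNS lists for your zone.

```python
import secrets
import socket
import struct

TXT, IN, AA_FLAG = 16, 1, 0x0400  # record type, class, "authoritative answer" bit

def encode_name(name):  # DNS labels: length byte + label, terminated by a zero byte
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def skip_name(msg, off):
    """Offset just past a name; a 0xC0 compression pointer is 2 bytes and ends it."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def txt_answers(msg):
    """Return (authoritative?, [TXT strings]) from a raw DNS response."""
    _, flags, qd, an, _, _ = struct.unpack("!6H", msg[:12])
    off, found = 12, []
    for _ in range(qd):
        off = skip_name(msg, off) + 4            # skip QTYPE + QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if rtype == TXT:                         # RDATA = length-prefixed strings
            i, text = 0, b""
            while i < len(rdata):
                text, i = text + rdata[i + 1:i + 1 + rdata[i]], i + 1 + rdata[i]
            found.append(text.decode("ascii", "replace"))
    return bool(flags & AA_FLAG), found

def code_is_published(msg, code):  # True only for an authoritative, exact match
    authoritative, values = txt_answers(msg)
    return authoritative and code in values

def ask(server_ip, name, timeout=3.0):
    """Send a non-recursive TXT query to one name server; return the raw reply."""
    query = (struct.pack("!6H", secrets.randbits(16), 0, 1, 0, 0, 0)
             + encode_name(name) + struct.pack("!2H", TXT, IN))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server_ip, 53))
        return s.recvfrom(4096)[0]

# Constructed sample reply (not captured traffic): AA set, one TXT answer "1234567".
SAMPLE = (struct.pack("!6H", 0x1234, 0x8400, 1, 1, 0, 0) + encode_name("rubberduckies4vr.com")
          + struct.pack("!2H", TXT, IN) + b"\xc0\x0c" + struct.pack("!HHIH", TXT, IN, 60, 8) + b"\x071234567")
```

Against the live zone the call is `code_is_published(ask(server_ip, "rubberduckies4vr.com"), code)`, repeated for each name server the zone lists.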
OpenDNS – I use it and like it and wield it like a Zen master: OpenDNS
Regardless if any blocking is used, the tool still provides an auditing/oversight function. OpenDNS is a high availability DNS service; it has a very proven track record of dependable service. If there were a cost it would be sellable; however, it’s ‘free as in beer’ so that is an even easier sell. If for nothing else it could be used as an introductory mechanism to helping your client discover the value of such web oversight of his office staff. Some would rather not bother; some will require access to this information on an as-needed basis, some are overreaching power mongers. It’s not a one size fits all thing.
As for if you trust them in their expressed intention of being a good neighbor in the ‘net’ as to their reason for providing this FREE service, that’s for you to sort out. As a skeptic looking for my clients’ best interests, I’ve not been given any telltale signs of any bait-n-switchery or other less than forthright underpinnings. It seems legit.
One downside I’ve discovered with OpenDNS comes with optionally integrating your logo; when that is done, your logo is displayed on an informational HTML page whenever something doesn’t resolve or is blocked. At first I thought this was good, in that I’d have a track-back mechanism for people who were false-positive blocked that would enable finer adjustments, whitelisting, …etc. Instead, it put me in the position of a web ‘door-man aka bouncer’ of sorts. I really don’t advocate putting yourself in that front and center thug/gate-keeper position unless you have a service agreement in place as well as some pre-existing expectations, instructions, and explanations as to the who?, what?, and why? of web filtering in writing and distributed to all under your wise and almighty judicious power. 🙂
To add your own logo to the SBS Remote Web Workplace aka RWW you merely need to replace the file shown below, RwwOEMLogo.gif, with your own .gif formatted logo. The default is a blank 135×20 pixel rectangle – whatever size you bring in that fits in the RWW form window should be good to go. The size of the header logo at the top is 448 x 175 pixels and its name is login.gif in case you want to modify it to carry that same look for use on the bottom logo.
Now Windows Home Server integrates this same RWW feature. I’ll bet Kevin a dip of Graeter’s black-raspberry-chip that this works exactly the same in WHS.
Here’s my site in action:
Here’s another way I found it useful. To notify those on vacation on cruise ships, skiing, or otherwise impractical to call that their access is suspended due to password security breach of a dismissed employee. Can’t say that many words so brevity has its limits. **FYI – notice something else customized?**
***late breaking update***
If you want your logo centered rather than aligned to the right you can make this happen. Edit and search through the logon.aspx for this picture file’s name – ‘RwwOEMlogo.gif’. Preceding it is the HTML code align=right. Change “right” to “center” and you are golden.
A special note to the Paint.NET tool at www.getpaint.net . It rocks!
FYI – I’m putting this on my list of things to research & explore for 2008. If an “easy” extranet SharePoint site can be made possible, I’m VERY interested and I think many businesses might benefit from this too.
The Extranet Collaboration Toolkit for SharePoint helps enhance security by creating each collaboration site as a SharePoint site collection. This ensures that teams using one collaboration site will not be able to view documents on another site, unless they are explicitly given access. In addition, the toolkit puts all external users in ADAM (Microsoft’s lightweight directory service), rather than in the organization’s primary internal directory.
The benefits for your customers include:
Boosts security. The toolkit allows team members to store and share documents centrally on their organization’s server, instead of e-mailing documents to others across the Internet. And instead of giving VPN access to external team members (therefore granting them access to everything on the internal network), site owners can give external members access to just the team collaboration site.
Easy to deploy. Automated tools and step-by-step instructions allow customers to deploy this Solution Accelerator quickly and easily – in as little as two hours, instead of weeks or months without the toolkit.
Easy to use. Once the toolkit is deployed, team members can set up their own SharePoint collaboration sites in minutes. The toolkit’s web-based interface makes it simple for team members to share documents and collaborate with each other across the Internet.
Reduces IT costs and boosts productivity. Project team members can manage sites on their own, freeing up scarce IT resources to focus on higher-return activities.
Thoroughly tested. The toolkit is extensively tested in our labs, and verified by customers and partners under real-world conditions.
The Extranet Collaboration Toolkit for SharePoint is now in Beta and available via MSConnect! To learn more about the toolkit, click here.
Microsoft SharePoint Products and Technologies Team Blog : New Beta Extranet Collaboration Toolkit