You receive a Vbscript error while connecting to the client/server computer using RWW in SBS 2008.

[Today’s post comes to us courtesy Bhushan Gokhale.]

In SBS 2003, we receive the request from remote machine on port 4125 (which opens Dynamically on the server), and after validating the request, we redirect it to the appropriate client machine. Unlike SBS 2003, we do not use port 4125 redirection anymore. In SBS 2008, Remote Web Workplace is based on the TS gateway technology (TS gateway is a part of Windows Server 2008 role suite). However, if the certificates are not configured correctly, you may experience the following issue.

You may get the following error while connecting to the client or server computer, which is inside SBS 2008 network, using Remote Web Workplace:

---------------------------
VBScript: Remote Desktop Disconnected
---------------------------
An internal error has occurred (error 50331688). For more information, please contact your network administrator or Microsoft Product Support.
---------------------------
OK
---------------------------

To isolate the issue, you must try to connect to the internal computer using Remote Desktop Client (RDP). To connect using Remote Desktop Client, follow the steps given below:

-Open the RDP client.
-Click on Options.
-Go to Advanced tab,
-Click on Settings.
-Select “Use these TS gateway server settings”.
-Type the External URL that you use to connect to RWW (without https://). For Eg.: Remote.contoso.com
-Click on General Tab.
-Type the name of the internal computer you want to connect to. For Eg.: computer1.contoso.local
-Fill in other details and click on connect.

When you try to connect to the client machine, with SBS 2008 as TS gateway, you get the error:

This issue occurs if you do not have the certificate installed on the TS Gateway. To resolve this issue you must add the certificate on TS gateway. To do this, follow the steps given below:

- Open TS gateway manager. (Start-Administrative Tools-Terminal Services-TS gateway manager).
- Click on Server name.
- Click on Properties on the right most pane.
- Click on SSL certificate Tab.
- If you have the correct certificate installed, you should see the Window as shown below.

If the certificate is not installed, you should see the Window as shown below:

To install the certificate, you must first ensure that the correct certificate is available on the server.
You should find this certificate in the personal store of SBS 2008. To check the certificate in the personal store:

· Click on Start-Run
· Type mmc and click on ok
· Click on File and select Add/Remove Snap-in from the menu.
· Select Certificate Snap-in from the list an click on Add
· Select Computer Account and click on Next.
· Select Local Computer and click on Finish.
· Click on OK again.
· Expand Certificate Snap-in
· Expand Personal and click on Certificates.
· You should see the certificate issued by your Certificate Authority to your External domain name (For Eg: remote.contoso.com)
· If you do not see this certificate, run the “Setup your internet Address” or “Fix my Network” wizard again.
· If you are using the 3^rd Party Certificate, make sure that the certificate is a part of Computer’s Personal Store.

To add this certificate on the TS Gateway, follow the steps given below:

- Open the TS Gateway Manager.
- Right Click on the <servername> and click on properties.
- Click on SSL Certificate Tab.
- Click on Browse Certificates Button.
- Select the certificate that corresponds to your External domain name (remote.contoso.com)
- Click on Install.

After making these changes, you should be able to connect to the internal machines from Remote Web Workplace.