The official blog for Windows Server Essentials and Small Business Server support and product group communications.
EPS Team Blogs
[Today’s post comes to us courtesy of Moloy Tandon and Richard Pulliam from Commercial Technical Support]
Remote Web Workplace (RWW) has been a key feature for the SBS line of products since SBS 2003. It provides a central web location for remote workers to access corporate resources no matter where they are. With the onset of Windows Small Business Server (SBS) 2011 Standard, the new name for RWW is RWA or Remote Web Access. In SBS 2011 Standard Remote Web Access (RWA) has been revamped for greater usability, customizations and additional features such as file sharing.
For full access to the RWA feature set from the internet, you must ensure the following:
The user interface has gone through some significant upgrades to provide a more up to date look and feel. It is also customizable on a per user basis, to give the end sure some flexibility on how they want the User Interface to be organized. The logon screen shown below will use Forms Based Authentication similar to previous versions.
Once you are authenticated you will be brought to a customized page, both based on your user preference and your account access level.
From one centralized location, users can perform the following task:
Upon logging into RWA, you will notice that email, computers, shared folders, links, and such are organized in different groupings, which known as “gadgets”. Each loads independently of each other, allowing you to choose which gadgets/links are displayed on the RWA home page by accessing the Remote Web Access Properties page from Windows SBS Console > Shared Folders and Web Sites tab > Web Sites sub-tab. Changes made to the RWA Home page links will affect all users.
When users log into RWA they will see Organization Links. If they are a member of the “Windows SBS Admin Tools Group”, they will also see the Administrative Links list. You can control what links appear in the Organization and Administrative Links lists. To edit this list from Windows SBS Console.
The gadgets on the home page of RWA can be moved freely around the screen to give the end user the ability to customize the look to their preference. All of the user preferences are stored in an XML files located in “C:\Program Files\Windows Small Business Server\Data\RemoteAccessProfiles\”. The filename is based on the user SID + username. We will talk more about gadget customization in a separate blog post.
File Sharing is a new component of RWA introduced in SBS 2011 Standard. It will allow remote users to access files on SBS server shares. This feature will be discussed in detail in a separate blog post.
The Connect to Computer feature of RWA allows users to connect to their work computer from anywhere in the world as long as they have internet connection. This feature hasn’t changed much from SBS 2008. You can refer to this blog post for detailed understanding of this feature under the section ‘Connect to a Computer’.
Remote Desktop Gateway (RDP Gateway), formerly called TS Gateway in SBS 2008, is the technology used on the backend to accomplish the ‘Connect to Computer’ functionality in SBS 2011 Standard. RD Gateway allows TS clients to establish secure connections over SSL (443) using RPC Proxy, also known as RDP over HTTPS. To learn more about Remote Desktop Gateway see the following TechNet link:
In order for clients to be able to establish a connection to the Remote Desktop Gateway server, the following must be true:
You can choose to either use the self-signed certificate for RWA generated by the Internet Address Management Wizard, or purchase a trusted 3rd party SSL certificate issued from a public authority. If you choose the self-signed certificate, you need to ensure the client machines have the root certificate installed. Refer to the following post, which also applies to SBS 2011 Standard, for further instructions:
How Do I Distribute the SBS 2008 Self-Signed SSL Certificate to My Users?
If you want to use a trusted public cert, you’ll need to run the Add a Trusted Certificate Wizard to install it on the server. The advantage of this method over the first is that there will be no need to install a certificate on the client. For further information about the wizard, refer to the following post which also applies to SBS 2011 Standard:
Introducing the “Add a Trusted Certificate Wizard” in SBS 2008
I've just completed a migration from SBS 2003 to SBS 2011. I've installed a wild card certificate from GoDaddy, but i have used the Exchange management console to install it and then selected the SMTP and IIS services for assignment. OWA, RWW, etc works well. However when a user tries to connect to an internal computer, the server prompts a security warning saying the certificate is untrusted (this is because the server is picking up the self-signed certificate). I've tried re installing the GoDaddy SSL certificate using the Add a trusted certificate wizard, but still receive the same warning.
Is there a way in the RDP gateway to specify which server to use (like in the TS gateway manager in SBS 2008) ?
You'll need to install the RDP gateway console first, using the procedure found in support.microsoft.com/default.aspx. You can then open the console, go to the properties of the server object, and click on the "SSL Certificate" tab where you can import the existing cert.