Windows Home Server 2003 security certificate?
July 25, 2013 6:16 PM Subscribe
What changed so that I can't completely control my Windows Home Server?
A lot of background here, please stick with me. My LAN has a lot of stuff on it, but in particular it has a (headless) Network Attached Storage unit which runs Windows Home Server 2003, and three client computers. One client is Win7pro/64, one is Win7pro/32, and one is Windows 7 Home Premium/64.
All of the clients run a program called "Connector", which auto-loads on boot and shows up in the tray. Because of that, they all do automatic backups every morning. Also, the WHS is mounted as a remote drive by all three clients and appears as external storage. It's possible to manually open Connector and log in to the WHS, and it acts as a custom control console, through which you can do everything you need to do (for instance, when I want it to install patches I use the Connector console).
It's also possible to connect to the WHS using "Remote Desktop". That opens up a frame that looks like a standard Windows Desktop. It's got an icon for running a local copy of Connector, allowing you to do all the same things as Connector on a client computer, or you can get into more normal Windows things like the Control Panel.
That's how it all was up to maybe three weeks ago (I'm not exactly sure when). Now it doesn't quite all work.
Cross mounted drives all work exactly as before. No problem there.
Daily backups still run.
But I can't open Connector on any of my computers to access the control console. When I try I get an error popup that says, "This computer cannot connect to your home server. Check your network connection and make sure your home server is powered on. If your home server has recent restarted, try again in a few minutes." (There isn't any networking problem as such, because I can access the cross-mounted drives.)
I wondered if there might be a problem with Connector itself, so on one machine I uninstalled it, and then downloaded the most recent version and installed it again. It still can't log in, and now it isn't doing backups on that computer.
(About that: the Connector icon in the tray is color coded. When it's fully connected it's green. If not, it's gray. If you ever log in successfully, it retains that indefinitely, and the icon remains green on subsequent boots, and it will do daily backups. On the computer where I reinstalled Connector, I have not ever successfully logged in since the reinstall, and Connector's icon is gray, meaning it isn't at all working with the WHS. But cross mounted drives still work fine on that machine.)
After a couple of days of panic I remembered Remote Desktop and tried that again. I can still connect using that, but, now I get a warning first. There's an error popup that says, "The identity of the remote computer cannot be verified. Do you want to connect anyway? The remote computer could not be authenticated due to problems with its security certificate. It may be unsafe to proceed." and then a bunch of other stuff.
It never used to do that. But that popup allows me to proceed anyway, and Remote Desktop works fine.
Which makes me think that what's happened to me is that Microsoft rolled out a security patch which is screwing me up. When I do patches, I let all the machines do patches at the same time, and I'm pretty scrupulous about keeping up-to-date. (But I don't use AutoUpdate. AutoUpdate is evil.)
I don't know anything about "security certificates" but I can't imagine why I need such a thing to access a computer on my LAN. I didn't used to, or else it used to be OK. But I'm thinking that Connector is more anal about this than Remote Desktop and it just refuses to try, rather than giving me a chance to override the security issue.
What I'm here to ask you kind people is, is there some way I can tell Windows that the certificate is OK? Or is there something I can do to tell Windows that it doesn't need one? Or is there some other way to make this stop happening? Or is something else my problem?
I haven't made any changes to my LAN or to network settings on any of my computers, including the WHS.
By the way, any suggested solution that includes the word "Linux" isn't helpful. Don't. Just don't.
A lot of background here, please stick with me. My LAN has a lot of stuff on it, but in particular it has a (headless) Network Attached Storage unit which runs Windows Home Server 2003, and three client computers. One client is Win7pro/64, one is Win7pro/32, and one is Windows 7 Home Premium/64.
All of the clients run a program called "Connector", which auto-loads on boot and shows up in the tray. Because of that, they all do automatic backups every morning. Also, the WHS is mounted as a remote drive by all three clients and appears as external storage. It's possible to manually open Connector and log in to the WHS, and it acts as a custom control console, through which you can do everything you need to do (for instance, when I want it to install patches I use the Connector console).
It's also possible to connect to the WHS using "Remote Desktop". That opens up a frame that looks like a standard Windows Desktop. It's got an icon for running a local copy of Connector, allowing you to do all the same things as Connector on a client computer, or you can get into more normal Windows things like the Control Panel.
That's how it all was up to maybe three weeks ago (I'm not exactly sure when). Now it doesn't quite all work.
Cross mounted drives all work exactly as before. No problem there.
Daily backups still run.
But I can't open Connector on any of my computers to access the control console. When I try I get an error popup that says, "This computer cannot connect to your home server. Check your network connection and make sure your home server is powered on. If your home server has recent restarted, try again in a few minutes." (There isn't any networking problem as such, because I can access the cross-mounted drives.)
I wondered if there might be a problem with Connector itself, so on one machine I uninstalled it, and then downloaded the most recent version and installed it again. It still can't log in, and now it isn't doing backups on that computer.
(About that: the Connector icon in the tray is color coded. When it's fully connected it's green. If not, it's gray. If you ever log in successfully, it retains that indefinitely, and the icon remains green on subsequent boots, and it will do daily backups. On the computer where I reinstalled Connector, I have not ever successfully logged in since the reinstall, and Connector's icon is gray, meaning it isn't at all working with the WHS. But cross mounted drives still work fine on that machine.)
After a couple of days of panic I remembered Remote Desktop and tried that again. I can still connect using that, but, now I get a warning first. There's an error popup that says, "The identity of the remote computer cannot be verified. Do you want to connect anyway? The remote computer could not be authenticated due to problems with its security certificate. It may be unsafe to proceed." and then a bunch of other stuff.
It never used to do that. But that popup allows me to proceed anyway, and Remote Desktop works fine.
Which makes me think that what's happened to me is that Microsoft rolled out a security patch which is screwing me up. When I do patches, I let all the machines do patches at the same time, and I'm pretty scrupulous about keeping up-to-date. (But I don't use AutoUpdate. AutoUpdate is evil.)
I don't know anything about "security certificates" but I can't imagine why I need such a thing to access a computer on my LAN. I didn't used to, or else it used to be OK. But I'm thinking that Connector is more anal about this than Remote Desktop and it just refuses to try, rather than giving me a chance to override the security issue.
What I'm here to ask you kind people is, is there some way I can tell Windows that the certificate is OK? Or is there something I can do to tell Windows that it doesn't need one? Or is there some other way to make this stop happening? Or is something else my problem?
I haven't made any changes to my LAN or to network settings on any of my computers, including the WHS.
By the way, any suggested solution that includes the word "Linux" isn't helpful. Don't. Just don't.
Have you tried turning it off and-- damn.
That RDP error message is expected and normal when connecting to any machine over the internet, so it's probably picking up on the same security issue that the Connector is. It is, however, safely ignored in every situation I've ever encountered; I use RDP to connect to client machines all day long, over the internet.
Check the date and time on all the machines. Security Certificates are time/date-sensitive. Could be you need a CMOS battery somewhere.
Uninstall/Reinstall on Connector?
posted by Sunburnt at 6:34 PM on July 25, 2013
That RDP error message is expected and normal when connecting to any machine over the internet, so it's probably picking up on the same security issue that the Connector is. It is, however, safely ignored in every situation I've ever encountered; I use RDP to connect to client machines all day long, over the internet.
Check the date and time on all the machines. Security Certificates are time/date-sensitive. Could be you need a CMOS battery somewhere.
Uninstall/Reinstall on Connector?
posted by Sunburnt at 6:34 PM on July 25, 2013
Response by poster: I did uninstall and reinstall Connector on one machine and it didn't solve the problem. (That's the one that isn't doing daily backups any more.)
All three client machines lost the ability to run the console at the same time. I doubt a battery is involved.
I'm not connecting over the internet, I'm connecting over my LAN. All the computers have IPs in 192.168.1.*.
Date and time is correct on all four machines.
posted by Chocolate Pickle at 6:55 PM on July 25, 2013
All three client machines lost the ability to run the console at the same time. I doubt a battery is involved.
I'm not connecting over the internet, I'm connecting over my LAN. All the computers have IPs in 192.168.1.*.
Date and time is correct on all four machines.
posted by Chocolate Pickle at 6:55 PM on July 25, 2013
Response by poster: OK, I hope this works. This is the error popup when I try to run Remote Desktop, plus what appears if I click the "view certificate" button.
posted by Chocolate Pickle at 7:06 PM on July 25, 2013
posted by Chocolate Pickle at 7:06 PM on July 25, 2013
This article descibes how to generate a self-signed SSL certificate and deploy it to your clients. This might help your Windows 7 clients connect to your older WHS 2003. In addition to creating it on the server, it needs to be deployed to your clients to assert that you explicitly trust this certificate. This is fairly common in web development when you need to test https/ssl without buying "real" certificate(s) for development machine(s).
Caveat: I'm assuming that Windows is looking for an SSL certificate, or at least that an SSL certificate can be used for this purpose. I'm not sure if that is right or not. You might want to wait for a more expert opinion from a Windows administrator. I'm a Linux neckbeard ;)
posted by double block and bleed at 8:58 PM on July 25, 2013 [1 favorite]
Caveat: I'm assuming that Windows is looking for an SSL certificate, or at least that an SSL certificate can be used for this purpose. I'm not sure if that is right or not. You might want to wait for a more expert opinion from a Windows administrator. I'm a Linux neckbeard ;)
posted by double block and bleed at 8:58 PM on July 25, 2013 [1 favorite]
Is it possible that something turned the Windows Firewall on on your home server, and that's why your backup program can't connect? If you have any virus scan software on the home server make sure it isn't blocking ports either (check the log).
w/r/t the certificate error, it's hard to say why it started popping up that warning. It says that it can't get the CRL (Certificate Revocation List) but with a self-signed cert I have no idea what the CRL might be. It's not something usually used for self-signed certs. Also, there's a problem with your chain... again, without seeing the details of the certificate and its chain it's hard to say what that's about.
You can install the certificate (the button is in your screen shot) and that might solve the warning. But I really doubt the Remote Desktop cert warning has anything to do with your backup program.
posted by sbutler at 10:16 PM on July 25, 2013
w/r/t the certificate error, it's hard to say why it started popping up that warning. It says that it can't get the CRL (Certificate Revocation List) but with a self-signed cert I have no idea what the CRL might be. It's not something usually used for self-signed certs. Also, there's a problem with your chain... again, without seeing the details of the certificate and its chain it's hard to say what that's about.
You can install the certificate (the button is in your screen shot) and that might solve the warning. But I really doubt the Remote Desktop cert warning has anything to do with your backup program.
posted by sbutler at 10:16 PM on July 25, 2013
« Older My 9-month-old baby is waking up increasingly... | Online science resources for a liberal arts major? Newer »
This thread is closed to new comments.
posted by Chocolate Pickle at 6:18 PM on July 25, 2013