I have a SBS 2008 at home with a static ip. I have the server and a XP Pro domain member in my little network. To access domain servers or workstations you have to first install the SBS 2008 certificate. So I sent it in an email and installed the cert. I can access the workstation or the server in the domain from Vista boxes. I can access the computers from a Server 2003. I cannot access them from XP Pro boxes. I have tried 4 different XP boxes. 3 have IE7, one has IE8. One had SP2, the others had SP3. I get a script error. Yes I imported the certificate the same way on the Vista boxes as I did on the XP boxes by expanding the zip file and clicking on the exe. Yes the XP boxes can access other SBS 2003 remote web page connect to servers pages so I do not believe the remote desktop add in is broken. Except the IE8 XP box could not access the SBS 2003. It was really broke. I was getting VBSCRIPT errors. I do get the VBSCRIPT error from the XP boxes when trying to access the 2008 network but they worked fine accessing the 2003 network. I googled a bit and that got me no where.
On my Vista box the add on is mstscax.dll. On two of the XP boxes the add on is msrdp.ocx. I could not reach the other XP box so I will assume it has msrdp.ocx. The IE8 box had the mstscax.dll listed as installed but not used. Note that I can access application servers on SBS 2003 sites fine with these XP boxes (except for the IE8 box) so I suspect that the IE rdp stuff is good enough for SBS 2003.
Note that I can reach the SBS 2008 network and computers from a Server 2003 that uses the same mstscax.dll like a Vista box. I logged on to another Server 2003 and I see that it uses the mstscax.dll.
Maybe I am reading the addins incorrectly but it appears to me that the more modern operating systems are not using the same remote desktop add on as XP. I am I misreading the situation? Has anyone else tried to access SBS 2008 domain workstations via remote.realworlddomain.com from a XP box? Rhetorical questions a day later as I was asking for help in forums yesterday and got no answers.
So Susan told me things in an email I did not want to hear. It was related to the SBS 2008 certificate. She says buy a real one and eliminate that problem of how to get a good cert to an end user. I say fooey. What is generated should work. So we can disagree on that point. But she did tell me to http://support.microsoft.com/kb/928055/en-us which fixed the problem on 3 boxes. One of those boxes was running IE8 which had the mstscax.dll listed as an installed add on but not used.
Note that the IE8 box was not able to reach a SBS 2003 application server correctly so it is not just a SBS 2008 issue. So I am 3 for 3 when registering the mstscax.dll. When I register that on the IE7 boxes I now see that listed instead of the msrdp.ocx file. So I was indeed on to something when I was really cranky last night. Happiness in the morning when Susan gave me the solution.
So how do you get the SBS 2008 certificate to your end user in East Bumbleduck right now when Microsoft says carry it to them on a usb key? I logged in to the SBS 2008. I made a new OWA email and I attached the Install Certificate Package.zip to emails I sent to the remote users. Remote users can access OWA without the cert. So they open the email, right click the attachment and save as. Extract all and click on the exe to install. So the zip file never really left the domain so it does not get munged up by a bunch of email scanners. Sneakernet for the 21st century?
So my theory of the day is some folks say who cares, it is just SBS 2008 that is having the issue. No one uses that. Well they will real soon. I was getting complaints about SBS 2003 access so it is not really just a SBS 2008 issue.
Thanks to Susan for being the obsessive queen she is.