Home > Security > SSTP VPN Client Connection Issue

SSTP VPN Client Connection Issue

 

I recently was having issues trying to connect from Vista to a Server 2008 VPN server using SSTP (Secure Sockets Tunneling Protocol).  I was getting the following error:

SSTP Error Msg

Both PPTP and L2TP\IPSec worked fine so I knew the VPN Server was functional and that Certificates were working as IPSec VPN’s require computer certificates.  After reviewing the Microsoft Press Book “Networking and Network Access Protection (NAP)” I realized that not only does SSTP require a server side computer certificate and that the root certificate is trusted by the clients and but that the server needs to verify the validity of the server certificates by querying the Certificate Revolaction List (CRL) or an Online Responder.   I verified that the CRL was setup using the Microsot Press Book “Configuring Windows Server Active Directory”  and that the root certificate is trusted in the domain as seen below:

*DC1-INFRA-CA is the Root Certificate Authority… Trusted Root Certificates

 

After doing some more research I found the a blog by Brad Ratkowski which had a posting to the the Microsoft “Server 2008 Step-By-Step Guides“.  After reviewing the site I noticed a step-by-step in how to configure SSTP which I will be using and hopefully resolve the issue.

Advertisements
Categories: Security
  1. May 13, 2010 at 1:09 am

    Hello my name is Anthon, I really liked your article! Nice work, joeroc

    • joeroc
      May 17, 2010 at 12:48 am

      Thxs..Glad you liked it. Have you implemented the SSTP VPN?

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: