RAPID PUBLISHING ARTICLES PROVIDE INFORMATION DIRECTLY FROM WITHIN THE MICROSOFT SUPPORT ORGANIZATION. THE INFORMATION CONTAINED HEREIN IS CREATED IN RESPONSE TO EMERGING OR UNIQUE TOPICS, OR IS INTENDED SUPPLEMENT OTHER KNOWLEDGE BASE INFORMATION.
While you follow the Step-by-Step Guide:
SSTP Remote Access Step-by-Step Guide: Deployment http://technet2.microsoft.com/windowsserver2008/en/library/9f69d438-2723-4e15-836f-8e58ef2827141033.mspx?mfr=true
(http://technet2.microsoft.com/windowsserver2008/en/library/9f69d438-2723-4e15-836f-8e58ef2827141033.mspx?mfr=true)
, you may receive the following error:
Â
Symptom6: Client tries to connect to SSTP VPN server and it fails to connect giving error message 0x80092013
Trouble-shooting steps: This will happen if client is failing the certificate revocation check of the SSL certificate obtained from server side. Ensure the CRL check servers on the server side are exposed on the Internet. This is because CRL check is done on the client side during SSL connection establishment phase and the CRL check query will be directly going on the Internet.
Â
The CRL distribution point in your certificate should point to your external DNS name. The SSTP guide does not address this deployment issue that the VPN server’s internal DNS name is referenced in CRL. By default, the CRL URL is set to server’s internal DNS name (e.g. vpn1.contoso.local).
To troubleshoot this issue, follow these steps:
Â
1.      Open Server Manager and navigate to Roles, Active Directory Certificate Services
2.      Right click on CA name (e.g. mycompany-vpn1-CA) and choose Properties.
3.      Click Extensions tab.
4.      Select the pre-existing http: URL and click Remove.
5.      Click Add…
6.      Type http://
7.      Type external URL of VPN server
8.      Type CertEnroll/
9.      Insert variable <CaName>
10.  Insert variable <CRLNameSuffix>
11.  Insert variable <DeltaCRLAllowed>
12.  Type .crl
13.  Check boxes Include in CRLs… and Include in the CDP…
Â
Note These steps should be done before SSTP VPN is configured. Otherwise, one must revoke the old cert and then request, issue, and install the new one.
MICROSOFT AND/OR ITS SUPPLIERS MAKE NO REPRESENTATIONS OR WARRANTIES ABOUT THE SUITABILITY, RELIABILITY OR ACCURACY OF THE INFORMATION CONTAINED IN THE DOCUMENTS AND RELATED GRAPHICS PUBLISHED ON THIS WEBSITE (THE “MATERIALSâ€) FOR ANY PURPOSE. THE MATERIALS MAY INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS AND MAY BE REVISED AT ANY TIME WITHOUT NOTICE.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, MICROSOFT AND/OR ITS SUPPLIERS DISCLAIM AND EXCLUDE ALL REPRESENTATIONS, WARRANTIES, AND CONDITIONS WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING BUT NOT LIMITED TO REPRESENTATIONS, WARRANTIES, OR CONDITIONS OF TITLE, NON INFRINGEMENT, SATISFACTORY CONDITION OR QUALITY, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THE MATERIALS.