SSTP VPN for client behind MS ForeFront TMG

  • Wednesday, October 17, 2012 8:19 AM

    Hi and thank you!

    I've got RRAS SSTP VPN on Win 2008 server. Works ok.

    And I've got one client that is sitting on Win7 behind the MS ForeFront TMG.

    He could not connect to the VPN, with error 0x80072742 ("A socket operation encountered a dead network", or something like this; his OS is not in English). What could I recommend to his admin to do with ForeFront to allow him to connect? He tells me that all ports are open. Could I check this from a client laptop?

    telnet my.site 443 is fine

    Lina



    • Edited by wellyna Wednesday, October 17, 2012 9:52 AM

All Replies

  • Thursday, October 18, 2012 9:24 AM
    Moderator

    Hi,

    Thank you for the post.

    If the VPN client bypasses the TMG server, does it work? If yes, please check the TMG live logging to see if there is any error message when the SSTP VPN is connecting.

    Regards,


    Nick Gu - MSFT

  • Thursday, October 18, 2012 11:01 AM

    Thank you Nick!

    I've tested this VPN in many different networks - everywhere was ok. Just this client.

    I know nothing about TMG, so could you tell me where and what exactly to look for? So I could ask admin on the client side.

    Thx!

    Lina


  • Monday, October 22, 2012 4:15 AM
    Moderator

    Hi,

    Thank you for the update.

    To narrow down this issue, you may use another client in the same network as the problematic client behind the TMG server to connect to the SSTP VPN. If that connection works, the issue may be related to your client settings rather than the TMG server.

    Regards,


    Nick Gu - MSFT

  • Tuesday, October 23, 2012 11:13 AM
    Moderator
     Answered

    As the connection is essentially seen as HTTPS, it is likely that TMG is configured to require authentication for Internet access, which cannot be satisfied by the SSTP client. To solve this, the TMG admin will need to define an anonymous access rule from internal clients to my.site for HTTPS.

    It may also be necessary to define the TMG server as a proxy server under the computer context on the SSTP client machine using the netsh winhttp command line tool.

    Cheers

    JJ


    Jason Jones | Microsoft MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
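The two points in the answer above (TMG demanding proxy authentication that SSTP cannot answer, and the machine-wide WinHTTP proxy setting) can be checked from the client with the following PowerShell, which is an added example and not part of the thread or of any Microsoft tooling. It assumes the TMG server is reachable as tmg.corp.example on port 8080 (a placeholder the client's admin must replace) and uses my.site as the VPN server name from the thread.

```powershell
# Added example: run in an elevated PowerShell on the Windows 7 client behind TMG.
$tmgProxy  = 'tmg.corp.example:8080'   # placeholder: the client's TMG proxy listener
$vpnServer = 'my.site'                 # SSTP server name used in the thread

# 1. SSTP uses the machine (WinHTTP) proxy, not the user's IE/WinINET proxy.
#    Show what the SSTP client will currently use.
netsh winhttp show proxy

# 2. Reproduce what SSTP does: an anonymous HTTPS request through TMG to the VPN
#    server. A 407 means TMG insists on proxy authentication for this destination,
#    which is exactly the condition the anonymous access rule must fix.
$proxy = New-Object System.Net.WebProxy("http://$tmgProxy")
$proxy.UseDefaultCredentials = $false   # SSTP cannot answer an auth challenge, so test anonymously
$req = [System.Net.HttpWebRequest]::Create("https://$vpnServer/")
$req.Proxy = $proxy
$req.Timeout = 10000
try {
    $resp = $req.GetResponse()
    "Reached $vpnServer via TMG, server answered HTTP $([int]$resp.StatusCode)"
    $resp.Close()
} catch [System.Net.WebException] {
    $r = $_.Exception.Response
    if ($r -and [int]$r.StatusCode -eq 407) {
        "TMG requires proxy authentication (407): an anonymous HTTPS rule to $vpnServer is needed"
    } elseif ($r) {
        # Any other HTTP status (e.g. 404 for '/') still proves the CONNECT tunnel was allowed.
        "Reached $vpnServer via TMG, server answered HTTP $([int]$r.StatusCode)"
    } else {
        # No response at all: TLS/certificate or network failure, which SSTP would also hit.
        "Request failed before reaching $vpnServer : $($_.Exception.Message)"
    }
}

# 3. Once TMG allows anonymous HTTPS to the VPN server, point WinHTTP at TMG so the
#    SSTP client (running in the computer context) actually goes through it.
#    Revert later with:  netsh winhttp reset proxy
netsh winhttp set proxy proxy-server="$tmgProxy" bypass-list="<local>"
```

Step 2 is a plain HTTPS GET rather than the SSTP handshake itself, so a success here only shows that the proxy path and certificate are acceptable; the VPN connection still has to be retried after step 3.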