Error 0x80072746: An existing connection was forcibly closed by the remote host. When connecting with SSTP

    Question

  • The SSTP VPN connections were working fine until we had to change the IP address that TMG had for the SSTP listener. Now I am getting the error in the title.

    I have made sure that the certificate is bound to the correct External IP address and I can see TMG listening on that IP on port 443, but no one is able to connect.

    PPTP connections work fine.

    Any help is greatly appreciated.

    Wednesday, March 02, 2011 10:31 PM

Answers

  • As soon as I switched to the old IP from the old ISP it is working again. Wow, who could have thought that the ISP is doing some funny stuff and even after talking to them they are not helpful....

    Anyways thanks for your help.


    Regards, Mo
    • Marked as answer by MoIT1 Wednesday, March 30, 2011 6:40 PM
    Wednesday, March 30, 2011 6:37 PM

All replies

  • Hi,

    Is there another Listener on the TMG Server which publishes the same port with the same IP address?
    Did you restart the TMG Firewall service after the IP address change?


    regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.nt-faq.de
    Thursday, March 03, 2011 7:58 AM
  • Hi Marc,

    Thanks for the reply. There are other listeners but on different IP addresses using the same port.

    netsh tmg show creations

    9      TCP(6)    0.0.0.0:0             123.456.789.111:443
    7      TCP(6)    0.0.0.0:0             127.0.0.1:8080
    632    TCP(6)    0.0.0.0:0             123.456.789.113:25
    630    TCP(6)    0.0.0.0:0             123.456.789.113:143
    10     TCP(6)    0.0.0.0:0             123.456.789.113:443
    631    TCP(6)    0.0.0.0:0             123.456.789.113:993
    12     TCP(6)    0.0.0.0:0             123.456.789.116:443

    Last one is for SSTP

    Yes. I have restarted the server itself and also installed the Rollup Update 3 for SP1.

    Regards,

    Mo

    Thursday, March 03, 2011 5:14 PM
  • Hi,

    Thank you for the post.

    According to research, the error message 0x80072746 comes when the server machine certificate binding to HTTPS is not done on the VPN server or the server machine certificate is not installed on the VPN server. Please check whether the relevant machine certificate is installed on the TMG server. If installed correctly, check the HTTPS binding by running the following command at the TMG server command prompt - “netsh http show ssl”. For more information, please refer to this blog: http://blogs.technet.com/b/rrasblog/archive/2007/11/08/do-you-want-to-change-the-certificate-used-by-the-sstp-server-read-how.aspx


    Regards,


    Nick Gu - MSFT
    Monday, March 07, 2011 8:04 AM
    Moderator
  • Hi Nick,

    Thanks for the reply. I have verified that the certificate is installed through the Certificates Console and is bound to the SSTP Listener in TMG. It was working normally before the IP address change.

    The netsh results are empty, which I was told by Microsoft support is OK, as bindings will be shown only if the VPN server Role of Windows Server 2008 is being used and not with TMG. Quoting:

    " If you use SSTP for VPN RA in TMG, you need to use the TMG VPN configuration. This will create a TMG SSTP/HTTPS listener and not use http.sys (Which RRAS and IIS use for SSL termination). It is OK for netsh to show an empty result"

    I have gone through that blog but I am afraid it does not apply (correct me if it's not the case) to this situation.


    Regards, Mo
    Monday, March 07, 2011 3:19 PM
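
An added example, not part of the original thread or of any poster's reply: a client-side probe that decodes the error in the title (0x80072746 carries Win32 code 10054, WSAECONNRESET) and reports at which stage a connection to the listener's HTTPS port stops. The function names and stage labels are this example's own, and it assumes it is run from a client against the SSTP listener's address.

```python
import hashlib
import socket
import ssl


def win32_code(hresult):
    """Return the Win32 code wrapped in a FACILITY_WIN32 (7) HRESULT, else None."""
    if (hresult >> 16) & 0x7FF != 7:
        return None
    return hresult & 0xFFFF


def probe(host, port=443, timeout=5.0):
    """Return (stage, detail) naming where a TLS connection attempt stops."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError as exc:
        return "tcp_refused", repr(exc)
    except socket.timeout as exc:
        return "tcp_timeout", repr(exc)
    except OSError as exc:
        return "tcp_error", repr(exc)

    # Diagnostic only: validation is switched off so the certificate the
    # listener presents can be inspected even if it would not validate.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
    except socket.timeout as exc:
        return "tls_timeout", repr(exc)
    except OSError as exc:
        # Covers ConnectionResetError (WinError 10054 on Windows) and ssl.SSLError.
        return "dropped_in_tls_handshake", repr(exc)
    finally:
        sock.close()
    # SHA-1 thumbprint, the form shown in the Windows certificate details.
    return "tls_ok", hashlib.sha1(der).hexdigest().upper()


if __name__ == "__main__":
    import sys
    print(win32_code(0x80072746))  # error code from the thread title
    if len(sys.argv) > 1:
        print(probe(sys.argv[1]))
```

A "tls_ok" result returns the thumbprint of the certificate actually served, which can be compared with the one bound to the SSTP listener; "dropped_in_tls_handshake" means the TCP connection opened but was closed before the handshake completed.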