SSTP Errors on Windows Server 2008 R2

    Question

  • Hello all.

    I have just finished configuring SSTP on my Windows Server 2008 R2 machine.

    It currently hosts the following Roles:

    ADCS (Standalone CA, with Web Enrollment)

    ADDS (Domain Controller)

    DNS Server (Domain Integrated Zone)

    Network Policy and Access (RAS Server)

    IIS (Only containing the prerequisites of ADCS Web Enrollment)

    Windows Deployment Services (Unrelated)

    So basically, I have configured the certificates by making this same server the root CA and enrolled the server for a server authentication certificate to use for SSTP. I have also configured the client to trust my root certification authority. So basic topology of this is that the server is configured behind a NAT, and port 443 has been forwarded, and the router has been configured with DynDNS, and accordingly I have made the certificate correspond with the public domain name. I have also created the registry key "NoCertRevocationCheck" and given it a value of 1 to turn revocation checks off.

    So when I connect to the VPN server from the client on an external network (client is running Windows 8), I get the following error:

    "Error 0x800704D4: The network connection was aborted by the local system"

    Now I've tried this on my other machine, which is running Windows 7, and got the same issue. If I turn the NoCertRevocationCheck key back to 0, it says that the revocation server is offline. (I'm not worried about revocation checks at this stage.)

    I cannot find any event logs on the server saying that it is rejecting my clients, and on the client itself I've got log entries saying the following:

    CoId={2A5A2E54-7E3A-4D02-9C72-EDE25045C926}:The server has refused the Secure Socket Tunneling Protocol (SSTP) request. Either a failure response code or no response code was received. The data portion below contains the response code that was received from the server. This is the HTTP status code present in the response. It can be because the web proxy or the SSTP server might be rejecting the connection, the server might not be configured for SSTP or the server might not have a port available for connection.

    I do have a suspicion it might be my ISP that the VPN server is connected to on some level, but the connection seems to error out straight away.

    Any help will be really appreciated. I've been working all day on this, and it's driving me crazy :P

    Thanks,

    Matt J


    Matthew Jones

    Sunday, January 06, 2013 1:55 PM

Answers

  • Hi,

    Thanks for your post.

    Please check this:

    Error Description: 0x800704D4: The network connection was aborted by the local system
     
    Possible Cause: This error comes when the hostname of the VPN server is not resolved by the forward proxy in front of the VPN client.
     
    Possible Solution: Check your proxy settings inside Internet Explorer. If the settings are correct, please ensure you are able to access other web sites (e.g. www.microsoft.com) using the browser. If that also works through, try accessing the URI which SSTP uses internally, i.e. https://vpn_server_name/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/  -  please replace vpn_server_name with the actual VPN server name. If you see the error “the website cannot be found” inside your browser, that validates the hostname resolution failure. If you know the IP address of the VPN server, try connecting with that. Else contact your network administrator (who is responsible for managing the web proxy – most probably your ISP) – giving them the details of the problem (i.e. hostname resolution is failing for that particular hostname).

    Quote from the RRAS Blog. Hope it helps.

    Troubleshooting common VPN related errors
    http://blogs.technet.com/b/rrasblog/archive/2009/08/12/troubleshooting-common-vpn-related-errors.aspx


    Best Regards,
    Aiden


    Aiden Cao
    TechNet Community Support

    Tuesday, January 08, 2013 5:29 AM
    Moderator
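
The checks described in the answer above (proxy settings, hostname resolution, then the SSTP URI), as an added PowerShell example that is not part of the original thread or the RRAS blog. It assumes it is run on the VPN client; `vpn.example.com` is a placeholder for the public name in the server certificate, and the direct TLS step is an extra check that shows whether the client trusts the certificate and whether its name matches.

```powershell
# Added example: staged SSTP reachability check, run from the VPN client.
# 'vpn.example.com' is a placeholder; pass the name the server certificate was issued to.
param([string]$VpnHost = 'vpn.example.com')
$uri = [Uri]"https://$VpnHost/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/"

# 1. Proxy that the current user's Internet Explorer settings select for this URL.
$proxy = [System.Net.WebRequest]::GetSystemWebProxy()
if ($proxy.IsBypassed($uri)) { 'Proxy : none (direct)' } else { "Proxy : $($proxy.GetProxy($uri))" }

# 2. Local name resolution (a forward proxy may still resolve the name differently).
try {
    $addrs = [System.Net.Dns]::GetHostAddresses($VpnHost)
    "DNS   : $($addrs -join ', ')"
} catch { "DNS   : cannot resolve $VpnHost locally" }

# 3. Direct TCP 443 + TLS handshake. The callback records validation errors and
#    lets the handshake finish so the certificate can be shown; nothing else is sent.
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($VpnHost, 443)
    $cb = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($s, $cert, $chain, $policyErrors) $script:tlsErrors = $policyErrors; $true }
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $cb)
    $ssl.AuthenticateAsClient($VpnHost)
    $c = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    "TLS   : subject=$($c.Subject) expires=$($c.NotAfter) validation=$tlsErrors"
} catch { "TLS   : direct connection failed: $($_.Exception.Message)" }
finally { $tcp.Close() }

# 4. Request the SSTP URI through the configured proxy, like the browser test.
try {
    $resp = [System.Net.WebRequest]::Create($uri).GetResponse()
    "HTTP  : status $([int]$resp.StatusCode)"
    $resp.Close()
} catch {
    # Method-call errors arrive wrapped; walk down to the WebException if there is one.
    $e = $_.Exception
    while ($e -and -not ($e -is [System.Net.WebException])) { $e = $e.InnerException }
    if ($e -and $e.Response) { "HTTP  : status $([int]$e.Response.StatusCode)" }
    elseif ($e)              { "HTTP  : no response ($($e.Status))" }
    else                     { "HTTP  : failed: $($_.Exception.Message)" }
}
```

A `validation` value other than `None` in step 3 means the client does not accept the certificate as presented. A name-resolution status in step 4 while step 2 succeeds points at the proxy rather than the client.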