none
SSTP VPN not working after updating UAG 2010 to SP3 RRS feed

  • Question

  • We updated our UAG 2010 server to SP3 over the weekend and now our SSTP VPN isn't working.  When I launch it from the portal I immediaitely get a "Connection Ended" message.  We made no other configuration changes besides updating to SP3.

    Here are some Events that are logged on the client computer:

    Log Name:      Application
    Source:        RasClient
    Date:          2/27/2013 1:12:06 PM
    Event ID:      20221
    Task Category: None
    Level:         Information
    Keywords:      Classic
    User:          N/A
    Computer:      ComputerName
    Description:
    CoId={0771D2F4-588B-476F-B3B0-59FFC1349A9C}: The user ComputerName\UserName has started dialing a VPN connection using a per-user connection profile named UAGSSTPVPN. The connection settings are: 
    Dial-in User = 
    VpnStrategy = SSTP
    DataEncryption = Requested
    PrerequisiteEntry = 
    AutoLogon = No
    UseRasCredentials = Yes
    Authentication Type = MS-CHAPv2 
    Ipv4DefaultGateway = Yes
    Ipv4AddressAssignment = By Server
    Ipv4DNSServerAssignment = By Server
    Ipv6DefaultGateway = Yes
    Ipv6AddressAssignment = By Server
    Ipv6DNSServerAssignment = By Server
    IpDnsFlags = 
    IpNBTEnabled = Yes
    UseFlags = Private Connection
    ConnectOnWinlogon = No.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="RasClient" />
        <EventID Qualifiers="0">20221</EventID>
        <Level>4</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-02-27T19:12:06.000000000Z" />
        <EventRecordID>12703</EventRecordID>
        <Channel>Application</Channel>
        <Computer>ComputerName</Computer>
        <Security />
      </System>
      <EventData>
        <Data>{0771D2F4-588B-476F-B3B0-59FFC1349A9C}</Data>
        <Data>ComputerName\UserName</Data>
        <Data>VPN</Data>
        <Data>per-user</Data>
        <Data>UAGSSTPVPN</Data>
        <Data>
    Dial-in User = 
    VpnStrategy = SSTP
    DataEncryption = Requested
    PrerequisiteEntry = 
    AutoLogon = No
    UseRasCredentials = Yes
    Authentication Type = MS-CHAPv2 
    Ipv4DefaultGateway = Yes
    Ipv4AddressAssignment = By Server
    Ipv4DNSServerAssignment = By Server
    Ipv6DefaultGateway = Yes
    Ipv6AddressAssignment = By Server
    Ipv6DNSServerAssignment = By Server
    IpDnsFlags = 
    IpNBTEnabled = Yes
    UseFlags = Private Connection
    ConnectOnWinlogon = No</Data>
      </EventData>
    </Event>
    

    Log Name:      Application
    Source:        RasClient
    Date:          2/27/2013 1:12:06 PM
    Event ID:      20222
    Task Category: None
    Level:         Information
    Keywords:      Classic
    User:          N/A
    Computer:      ComputerName
    Description:
    CoId={0771D2F4-588B-476F-B3B0-59FFC1349A9C}: The user ComputerName\UserName is trying to establish a link to the Remote Access Server for the connection named UAGSSTPVPN using the following device: 
    Server address/Phone Number = vpn.domainname.com
    Device = WAN Miniport (SSTP)
    Port = VPN0-1
    MediaType = VPN.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="RasClient" />
        <EventID Qualifiers="0">20222</EventID>
        <Level>4</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-02-27T19:12:06.000000000Z" />
        <EventRecordID>12704</EventRecordID>
        <Channel>Application</Channel>
        <Computer>ComputerName</Computer>
        <Security />
      </System>
      <EventData>
        <Data>{0771D2F4-588B-476F-B3B0-59FFC1349A9C}</Data>
        <Data>ComputerName\UserName</Data>
        <Data>UAGSSTPVPN</Data>
        <Data>
    Server address/Phone Number = vpn.domainname.com
    Device = WAN Miniport (SSTP)
    Port = VPN0-1
    MediaType = VPN</Data>
      </EventData>
    </Event>
    

    Log Name:      Application
    Source:        RasClient
    Date:          2/27/2013 1:12:07 PM
    Event ID:      20223
    Task Category: None
    Level:         Information
    Keywords:      Classic
    User:          N/A
    Computer:      ComputerName
    Description:
    CoId={0771D2F4-588B-476F-B3B0-59FFC1349A9C}: The user ComputerName\UserName has successfully established a link to the Remote Access Server using the following device: 
    Server address/Phone Number = vpn.domainname.com
    Device = WAN Miniport (SSTP)
    Port = VPN0-1
    MediaType = VPN.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="RasClient" />
        <EventID Qualifiers="0">20223</EventID>
        <Level>4</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-02-27T19:12:07.000000000Z" />
        <EventRecordID>12705</EventRecordID>
        <Channel>Application</Channel>
        <Computer>ComputerName</Computer>
        <Security />
      </System>
      <EventData>
        <Data>{0771D2F4-588B-476F-B3B0-59FFC1349A9C}</Data>
        <Data>ComputerName\UserName</Data>
        <Data>
    Server address/Phone Number = vpn.domainname.com
    Device = WAN Miniport (SSTP)
    Port = VPN0-1
    MediaType = VPN</Data>
      </EventData>
    </Event>
    

    Log Name:      Application
    Source:        RasClient
    Date:          2/27/2013 1:12:07 PM
    Event ID:      20224
    Task Category: None
    Level:         Information
    Keywords:      Classic
    User:          N/A
    Computer:      ComputerName
    Description:
    CoId={0771D2F4-588B-476F-B3B0-59FFC1349A9C}: The link to the Remote Access Server has been established by user ComputerName\UserName.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="RasClient" />
        <EventID Qualifiers="0">20224</EventID>
        <Level>4</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-02-27T19:12:07.000000000Z" />
        <EventRecordID>12706</EventRecordID>
        <Channel>Application</Channel>
        <Computer>ComputerName</Computer>
        <Security />
      </System>
      <EventData>
        <Data>{0771D2F4-588B-476F-B3B0-59FFC1349A9C}</Data>
        <Data>ComputerName\UserName</Data>
      </EventData>
    </Event>
    

    Log Name:      Application
    Source:        RasClient
    Date:          2/27/2013 1:12:08 PM
    Event ID:      20227
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      ComputerName
    Description:
    CoId={0771D2F4-588B-476F-B3B0-59FFC1349A9C}: The user ComputerName\UserName dialed a connection named UAGSSTPVPN which has failed. The error code returned on failure is 919.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="RasClient" />
        <EventID Qualifiers="0">20227</EventID>
        <Level>2</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-02-27T19:12:08.000000000Z" />
        <EventRecordID>12707</EventRecordID>
        <Channel>Application</Channel>
        <Computer>ComputerName</Computer>
        <Security />
      </System>
      <EventData>
        <Data>{0771D2F4-588B-476F-B3B0-59FFC1349A9C}</Data>
        <Data>ComputerName\UserName</Data>
        <Data>UAGSSTPVPN</Data>
        <Data>919</Data>
      </EventData>
    </Event>
    

    Log Name:      Application
    Source:        RasClient
    Date:          2/27/2013 1:12:13 PM
    Event ID:      20226
    Task Category: None
    Level:         Information
    Keywords:      Classic
    User:          N/A
    Computer:      ComputerName
    Description:
    CoId={0771D2F4-588B-476F-B3B0-59FFC1349A9C}: The user ComputerName\UserName dialed a connection named UAGSSTPVPN which has termiUserNamed. The reason code returned on termination is 828.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="RasClient" />
        <EventID Qualifiers="0">20226</EventID>
        <Level>4</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-02-27T19:12:13.000000000Z" />
        <EventRecordID>12708</EventRecordID>
        <Channel>Application</Channel>
        <Computer>ComputerName</Computer>
        <Security />
      </System>
      <EventData>
        <Data>{0771D2F4-588B-476F-B3B0-59FFC1349A9C}</Data>
        <Data>ComputerName\UserName</Data>
        <Data>UAGSSTPVPN</Data>
        <Data>828</Data>
      </EventData>
    </Event>
    

    Log Name:      Application
    Source:        RasClient
    Date:          2/27/2013 1:12:13 PM
    Event ID:      20226
    Task Category: None
    Level:         Information
    Keywords:      Classic
    User:          N/A
    Computer:      ComputerName
    Description:
    CoId={0771D2F4-588B-476F-B3B0-59FFC1349A9C}: The user ComputerName\UserName dialed a connection named UAGSSTPVPN which has termiUserNamed. The reason code returned on termination is 631.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="RasClient" />
        <EventID Qualifiers="0">20226</EventID>
        <Level>4</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-02-27T19:12:13.000000000Z" />
        <EventRecordID>12709</EventRecordID>
        <Channel>Application</Channel>
        <Computer>ComputerName</Computer>
        <Security />
      </System>
      <EventData>
        <Data>{0771D2F4-588B-476F-B3B0-59FFC1349A9C}</Data>
        <Data>ComputerName\UserName</Data>
        <Data>UAGSSTPVPN</Data>
        <Data>631</Data>
      </EventData>
    </Event>

    I looked through the logs on the UAG server and didn't see anything that really struck me as odd...

    We've tried reapplying the SSL cert, restarting the UAG server, and deleting and re-adding the portal link to launch the VPN.  Nothing has worked.

    Wednesday, February 27, 2013 8:54 PM

Answers

  • Hello,

    I had similar problem today (after upgrade from SP2 to SP3+RU1 SSTP stop working with many different errors).

    It seems that after rebooting the server, all worked as expected (The SP3 installation did not ask for a reboot, so we did not reboot).

    Hope this help..

    Ophir.

    ---

    Ophir Polotsky - Aman Group

    • Marked as answer by nmuleski1 Thursday, April 11, 2013 8:15 PM
    Thursday, April 11, 2013 7:09 PM
    Moderator

All replies

  • I'm not sure if this is relevant to your environment but I had similar connection errors on my clients due to a Network Policy in NPS reverting itself to an Access Type of 'Deny Access' from 'Grant Access' (actually I think its the way I've configured things incorrectly tbh).

    I'm not sure they help much but the error codes can be found here for anyone who's looking

    http://msdn.microsoft.com/en-us/library/windows/desktop/bb530704(v=vs.85).aspx

    Thursday, February 28, 2013 12:51 PM
  • I don't believe my issue is related to NPS but after checking out the three error codes I see on the client (919, 828, 631) I saw this:

    919 - ERROR_PEER_REFUSED_AUTH

    The connection could not be established because the authentication protocol used by the RAS/VPN server to verify your username and password could not be matched with the settings in your connection profile.

    Hopefully that will point me in the right direction.

    Thursday, February 28, 2013 4:32 PM
  • Hello,

    I had similar problem today (after upgrade from SP2 to SP3+RU1 SSTP stop working with many different errors).

    It seems that after rebooting the server, all worked as expected (The SP3 installation did not ask for a reboot, so we did not reboot).

    Hope this help..

    Ophir.

    ---

    Ophir Polotsky - Aman Group

    • Marked as answer by nmuleski1 Thursday, April 11, 2013 8:15 PM
    Thursday, April 11, 2013 7:09 PM
    Moderator
  • Hello,

    I had similar problem today (after upgrade from SP2 to SP3+RU1 SSTP stop working with many different errors).

    It seems that after rebooting the server, all worked as expected (The SP3 installation did not ask for a reboot, so we did not reboot).

    Hope this help..

    Ophir.

    ---

    Ophir Polotsky - Aman Group

    I forgot to update this thread but rebooting the server worked for us as well!

    Thanks for your response!

    Thursday, April 11, 2013 8:15 PM