UAG SSTP Setup Issue

  • Question

  • We are trying to configure SSTP on our test UAG portal. Setup seemed pretty straightforward. Unfortunately, when a Win7 client connects to the portal and launches the SSTP application, the SSTP connection immediately terminates.

    The client EventLog shows the following error:

    The SSTP-based VPN connection to the remote access server was terminated because of a security check failure. Security settings on the remote access server do not match settings on this computer. Contact the system administrator of the remote access server and relay the following information:

    SHA1 Certificate Hash: 69C8B354D71093A6622BF4FE4ECAD7BEEF20DDA4
    SHA256 Certificate Hash: 712D4A448BF73D2BDE33CF92C84750699ACF96EB09A27550264ED39872DCC356

    The server eventlog shows the following error:

    The user <removed> connected to port VPN0-9 has been disconnected because no network protocols were successfully negotiated.

    I did some looking around the web and noticed a Microsoft article describing how to configure SSTP to use a different cert than the IIS website. We are trying to use the same wildcard cert for both, but I did look in the RRAS settings for the SSTP connections and noticed that the certificate is set to Default instead of the wildcard certificate. It will not let us change it to the wildcard certificate. If I try, I get this error message:

    The certificate used for Secure Socket Tunneling Protocol (SSTP) is different than the certificate bound to the SSL (web listener, HTTP.sys).  Configure SSTP to use the default certificate or the certificate bound to SSL.  You can configure web server application to use the same certificate used by SSTP.

    Anyone run into this before? I'm not sure what else to try other than purchasing a certificate based on the hostname of the service.

    Tuesday, December 8, 2009 9:55 PM


All replies